Jerry/bird
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fixes a buffer overflow in TX code of IPv6 BGP.

Browse source
This commit is contained in:
Ondrej Zajicek 2010-07-22 15:09:35 +02:00
parent 7873e9828f
commit 852b7062e3
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nest/rt-table.c
View file

@ -354,7 +354,7 @@ rte_validate(rte *e)
int c; int c;
net *n = e->net; net *n = e->net;
if (ipa_nonzero(ipa_and(n->n.prefix, ipa_not(ipa_mkmask(n->n.pxlen))))) if ((n->n.pxlen > BITS_PER_IP_ADDRESS) || !ip_is_prefix(n->n.prefix,n->n.pxlen))
{ {
log(L_BUG "Ignoring bogus prefix %I/%d received via %s", log(L_BUG "Ignoring bogus prefix %I/%d received via %s",
n->n.prefix, n->n.pxlen, e->sender->name); n->n.prefix, n->n.pxlen, e->sender->name);

2
proto/bgp/packets.c
View file

@ -219,7 +219,7 @@ bgp_encode_prefixes(struct bgp_proto *p, byte *w, struct bgp_bucket *buck, unsig
ip_addr a; ip_addr a;
int bytes; int bytes;
while (!EMPTY_LIST(buck->prefixes) && remains >= 5) while (!EMPTY_LIST(buck->prefixes) && remains >= (1+sizeof(ip_addr)))
{ {
struct bgp_prefix *px = SKIP_BACK(struct bgp_prefix, bucket_node, HEAD(buck->prefixes)); struct bgp_prefix *px = SKIP_BACK(struct bgp_prefix, bucket_node, HEAD(buck->prefixes));
DBG("\tDequeued route %I/%d\n", px->n.prefix, px->n.pxlen); DBG("\tDequeued route %I/%d\n", px->n.prefix, px->n.pxlen);