proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-07-27 07:15:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bgpd: Check if FQDN capability length is in valid ranges

Browse Source 
If FQDN capability comes as dynamic capability we should check if the encoding
is proper.

Before this patch we returned an error if the hostname/domainname length check
was > end. But technically, if the length is also == end, this is
a malformed capability, because we use the data incorrectly after we check the
length.

This causes heap overflow (when compiled with address-sanitizer).

Signed-off-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
This commit is contained in:
Donatas Abraitis 2024-05-24 09:58:30 +03:00
parent 150eb73054
commit 0d079e01e5
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bgpd/bgp_packet.c
View File

@ -3433,7 +3433,7 @@ static void bgp_dynamic_capability_fqdn(uint8_t *pnt, int action,
if (action == CAPABILITY_ACTION_SET) {
/* hostname */
if (data + 1 > end) {
if (data + 1 >= end) {
zlog_err("%pBP: Received invalid FQDN capability (host name length)",
peer);
return;
@ -3463,7 +3463,7 @@ static void bgp_dynamic_capability_fqdn(uint8_t *pnt, int action,
peer->hostname = XSTRDUP(MTYPE_BGP_PEER_HOST, str);
}
if (data + 1 > end) {
if (data + 1 >= end) {
zlog_err("%pBP: Received invalid FQDN capability (domain name length)",
peer);
return;