Merge pull request #16281 from FRRouting/mergify/bp/dev/10.1/pr-16213

bgpd: Check if we have really enough data before doing memcpy for FQDN capability (backport #16213)
2025-06-05 11:26:14 +00:00 · 2024-06-25 13:48:18 +03:00 · 2024-06-25 13:48:18 +03:00 · 48b0d338e3
commit 48b0d338e3
parent a83e5971d5 b98a3a1fa8
1 changed files with 2 additions and 2 deletions
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@ -3437,7 +3437,7 @@ static void bgp_dynamic_capability_fqdn(uint8_t *pnt, int action,
 		}

 		len = *data;
-		if (data + len > end) {
+		if (data + len + 1 > end) {
 			zlog_err("%pBP: Received invalid FQDN capability length (host name) %d",
 				 peer, hdr->length);
 			return;
@ -3468,7 +3468,7 @@ static void bgp_dynamic_capability_fqdn(uint8_t *pnt, int action,

 		/* domainname */
 		len = *data;
-		if (data + len > end) {
+		if (data + len + 1 > end) {
 			zlog_err("%pBP: Received invalid FQDN capability length (domain name) %d",
 				 peer, len);
 			return;