mirror of
https://git.proxmox.com/git/mirror_frr
synced 2025-08-02 15:34:30 +00:00
ospf6d: fix out of bounds write in ospf6_prefix_apply_mask
ospf6_prefix_apply_mask would write one byte beyond the 4/8/12 bytes allocated for prefixes of length 32/64/96. based on report and patch by Jon Andersson <jon.andersson@thales.no> Reported-by: Jon Andersson <jon.andersson@thales.no> Signed-off-by: David Lamparter <equinox@diac24.net>
This commit is contained in:
parent
4afa50b393
commit
4c0cf00afc
@ -42,11 +42,10 @@ ospf6_prefix_apply_mask (struct ospf6_prefix *op)
|
||||
return;
|
||||
}
|
||||
|
||||
if (index == 16)
|
||||
return;
|
||||
|
||||
pnt[index] &= mask;
|
||||
index ++;
|
||||
/* nonzero mask means no check for this byte because if it contains
|
||||
* prefix bits it must be there for us to write */
|
||||
if (mask)
|
||||
pnt[index++] &= mask;
|
||||
|
||||
while (index < OSPF6_PREFIX_SPACE (op->prefix_length))
|
||||
pnt[index++] = 0;
|
||||
|
Loading…
Reference in New Issue
Block a user