proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-14 18:01:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #11626 from opensourcerouting/fix/avoid_buffer_overflow

Browse Source 
zebra: Avoid buffer overflow using netlink_parse_rtattr_nested()
This commit is contained in:
Donald Sharp 2022-07-18 09:20:11 -04:00 committed by GitHub
commit 5f5b29862f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
zebra/rt_netlink.c
View File

@ -437,10 +437,10 @@ static enum seg6local_action_t
parse_encap_seg6local(struct rtattr *tb, parse_encap_seg6local(struct rtattr *tb,
struct seg6local_context *ctx) struct seg6local_context *ctx)
{ {
struct rtattr *tb_encap[256] = {}; struct rtattr *tb_encap[SEG6_LOCAL_MAX + 1] = {};
enum seg6local_action_t act = ZEBRA_SEG6_LOCAL_ACTION_UNSPEC; enum seg6local_action_t act = ZEBRA_SEG6_LOCAL_ACTION_UNSPEC;
netlink_parse_rtattr_nested(tb_encap, 256, tb); netlink_parse_rtattr_nested(tb_encap, SEG6_LOCAL_MAX, tb);
if (tb_encap[SEG6_LOCAL_ACTION]) if (tb_encap[SEG6_LOCAL_ACTION])
act = *(uint32_t *)RTA_DATA(tb_encap[SEG6_LOCAL_ACTION]); act = *(uint32_t *)RTA_DATA(tb_encap[SEG6_LOCAL_ACTION]);
@ -465,11 +465,11 @@ parse_encap_seg6local(struct rtattr *tb,
static int parse_encap_seg6(struct rtattr *tb, struct in6_addr *segs) static int parse_encap_seg6(struct rtattr *tb, struct in6_addr *segs)
{ {
struct rtattr *tb_encap[256] = {}; struct rtattr *tb_encap[SEG6_IPTUNNEL_MAX + 1] = {};
struct seg6_iptunnel_encap *ipt = NULL; struct seg6_iptunnel_encap *ipt = NULL;
struct in6_addr *segments = NULL; struct in6_addr *segments = NULL;
netlink_parse_rtattr_nested(tb_encap, 256, tb); netlink_parse_rtattr_nested(tb_encap, SEG6_IPTUNNEL_MAX, tb);
/* /*
* TODO: It's not support multiple SID list. * TODO: It's not support multiple SID list.