proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-17 04:15:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

isisd: don't overrun list of protocols

Browse Source 
isisd currently has a list of supported protocols as a fixed array of
size 4.  this can be overran, leading to an overwrite of the ipv4_addrs
pointer.

  * isisd/isis_pdu.c: don't accept more protocols than there's space for

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This commit is contained in:
David Lamparter 2012-05-08 13:32:53 +02:00
parent 80a21dc60f
commit 655071f44a
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
isisd/isis_pdu.c
View File

@ -311,7 +311,7 @@ tlvs_to_adj_area_addrs (struct tlvs *tlvs, struct isis_adjacency *adj)
} }
} }
static void static int
tlvs_to_adj_nlpids (struct tlvs *tlvs, struct isis_adjacency *adj) tlvs_to_adj_nlpids (struct tlvs *tlvs, struct isis_adjacency *adj)
{ {
int i; int i;
@ -321,6 +321,8 @@ tlvs_to_adj_nlpids (struct tlvs *tlvs, struct isis_adjacency *adj)
{ {
tlv_nlpids = tlvs->nlpids; tlv_nlpids = tlvs->nlpids;
if (tlv_nlpids->count > array_size (adj->nlpids.nlpids))
return 1;
adj->nlpids.count = tlv_nlpids->count; adj->nlpids.count = tlv_nlpids->count;
@ -329,6 +331,7 @@ tlvs_to_adj_nlpids (struct tlvs *tlvs, struct isis_adjacency *adj)
adj->nlpids.nlpids[i] = tlv_nlpids->nlpids[i]; adj->nlpids.nlpids[i] = tlv_nlpids->nlpids[i];
} }
} }
return 0;
} }
static void static void
@ -548,7 +551,8 @@ process_p2p_hello (struct isis_circuit *circuit)
/* which protocol are spoken ??? */ /* which protocol are spoken ??? */
if (found & TLVFLAG_NLPID) if (found & TLVFLAG_NLPID)
tlvs_to_adj_nlpids (&tlvs, adj); if (tlvs_to_adj_nlpids (&tlvs, adj))
return ISIS_ERROR;
/* we need to copy addresses to the adj */ /* we need to copy addresses to the adj */
if (found & TLVFLAG_IPV4_ADDR) if (found & TLVFLAG_IPV4_ADDR)