proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-05 10:08:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bgpd: Ensure we do integer size promotions

Browse Source 
When doing multiplication of (int) * (uint_8t) we can
have overflow and end up in a weird state.  Intentionally
upgrade the type then do the math.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This commit is contained in:
Donald Sharp 2020-09-24 08:07:12 -04:00
parent f12296baac
commit 8da920d3c0
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
bgpd/bgp_ecommunity.c
View File

@ -265,7 +265,8 @@ struct ecommunity *ecommunity_dup(struct ecommunity *ecom)
if (new->size) {
new->val = XMALLOC(MTYPE_ECOMMUNITY_VAL,
ecom->size * ecom->unit_size);
memcpy(new->val, ecom->val, ecom->size * ecom->unit_size);
memcpy(new->val, ecom->val,
(size_t)ecom->size * (size_t)ecom->unit_size);
} else
new->val = NULL;
return new;
@ -285,18 +286,16 @@ struct ecommunity *ecommunity_merge(struct ecommunity *ecom1,
struct ecommunity *ecom2)
{
if (ecom1->val)
ecom1->val =
XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom1->val,
(ecom1->size + ecom2->size) *
ecom1->unit_size);
ecom1->val = XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom1->val,
(size_t)(ecom1->size + ecom2->size)
* (size_t)ecom1->unit_size);
else
ecom1->val =
XMALLOC(MTYPE_ECOMMUNITY_VAL,
(ecom1->size + ecom2->size) *
ecom1->unit_size);
ecom1->val = XMALLOC(MTYPE_ECOMMUNITY_VAL,
(size_t)(ecom1->size + ecom2->size)
* (size_t)ecom1->unit_size);
memcpy(ecom1->val + (ecom1->size * ecom1->unit_size), ecom2->val,
ecom2->size * ecom1->unit_size);
(size_t)ecom2->size * (size_t)ecom1->unit_size);
ecom1->size += ecom2->size;
return ecom1;