From aa8cb96489df39b3fd7c7197df13f139b85e05e9 Mon Sep 17 00:00:00 2001
From: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri, 3 Jan 2020 21:22:44 -0500
Subject: [PATCH] zebra: reject ingress packets that are too large

There may be logic to prevent this ever happening earlier in the network
read path, but it doesn't hurt to double check it here, because clearly
deeper paths rely on this being the case.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
---
 zebra/zapi_msg.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
index 1dbe41f462..9d108f305b 100644
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@@ -2597,6 +2597,14 @@ void zserv_handle_commands(struct zserv *client, struct stream *msg)
 	struct zmsghdr hdr;
 	struct zebra_vrf *zvrf;
 
+	if (STREAM_READABLE(msg) > ZEBRA_MAX_PACKET_SIZ) {
+		if (IS_ZEBRA_DEBUG_PACKET && IS_ZEBRA_DEBUG_RECV)
+			zlog_debug(
+				"ZAPI message is %zu bytes long but the maximum packet size is %u; dropping",
+				STREAM_READABLE(msg), ZEBRA_MAX_PACKET_SIZ);
+		return;
+	}
+
 	zapi_parse_header(msg, &hdr);
 
 	if (IS_ZEBRA_DEBUG_PACKET && IS_ZEBRA_DEBUG_RECV)