proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-07-09 18:09:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

zebra: reject ingress packets that are too large

Browse Source 
There may be logic to prevent this ever happening earlier in the network
read path, but it doesn't hurt to double check it here, because clearly
deeper paths rely on this being the case.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This commit is contained in:
Quentin Young 2020-01-03 21:22:44 -05:00
parent ab12ca856c
commit aa8cb96489
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
zebra/zapi_msg.c
View File

@ -2597,6 +2597,14 @@ void zserv_handle_commands(struct zserv *client, struct stream *msg)
struct zmsghdr hdr; struct zmsghdr hdr;
struct zebra_vrf *zvrf; struct zebra_vrf *zvrf;
if (STREAM_READABLE(msg) > ZEBRA_MAX_PACKET_SIZ) {
if (IS_ZEBRA_DEBUG_PACKET && IS_ZEBRA_DEBUG_RECV)
zlog_debug(
"ZAPI message is %zu bytes long but the maximum packet size is %u; dropping",
STREAM_READABLE(msg), ZEBRA_MAX_PACKET_SIZ);
return;
}
zapi_parse_header(msg, &hdr); zapi_parse_header(msg, &hdr);
if (IS_ZEBRA_DEBUG_PACKET && IS_ZEBRA_DEBUG_RECV) if (IS_ZEBRA_DEBUG_PACKET && IS_ZEBRA_DEBUG_RECV)