Merge pull request #16282 from FRRouting/mergify/bp/stable/10.0/pr-16213

bgpd: Check if we have really enough data before doing memcpy for FQDN capability (backport #16213)
2025-07-27 10:04:18 +00:00 · 2024-06-25 07:29:54 -04:00 · 2024-06-25 07:29:54 -04:00 · bd137a2fb1
commit bd137a2fb1
parent bbb2ae0585 2025b9a381
1 changed files with 2 additions and 2 deletions
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@ -3300,7 +3300,7 @@ static void bgp_dynamic_capability_fqdn(uint8_t *pnt, int action,
 		}

 		len = *data;
-		if (data + len > end) {
+		if (data + len + 1 > end) {
 			zlog_err("%pBP: Received invalid FQDN capability length (host name) %d",
 				 peer, hdr->length);
 			return;
@ -3331,7 +3331,7 @@ static void bgp_dynamic_capability_fqdn(uint8_t *pnt, int action,

 		/* domainname */
 		len = *data;
-		if (data + len > end) {
+		if (data + len + 1 > end) {
 			zlog_err("%pBP: Received invalid FQDN capability length (domain name) %d",
 				 peer, len);
 			return;