proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-06 15:58:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ospfd: Limit possible message read to our buffer size

Browse Source 
It's possible(but unlikely) that a read of data from the
network will give us bogus data.  Don't automatically
just trust the data size from the network and limit
the read to the size of the buffer we have in play.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit is contained in:
Donald Sharp 2020-04-21 08:09:58 -04:00
parent 58c3cdb922
commit e1c511c694
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ospfd/ospf_api.c
View File

@ -353,8 +353,8 @@ struct msg *msg_read(int fd)
struct msg *msg;
struct apimsghdr hdr;
uint8_t buf[OSPF_API_MAX_MSG_SIZE];
int bodylen;
int rlen;
ssize_t bodylen;
ssize_t rlen;
/* Read message header */
rlen = readn(fd, (uint8_t *)&hdr, sizeof(struct apimsghdr));
@ -378,8 +378,13 @@ struct msg *msg_read(int fd)
/* Determine body length. */
bodylen = ntohs(hdr.msglen);
if (bodylen > 0) {
if (bodylen > (ssize_t)sizeof(buf)) {
zlog_warn("%s: Body Length of message greater than what we can read",
__func__);
return NULL;
}
if (bodylen > 0) {
/* Read message body */
rlen = readn(fd, buf, bodylen);
if (rlen < 0) {