proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-05-29 21:01:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #16171 from mjstapp/fix_fpm_nl_len_check

Browse Source 
zebra: fix incoming FPM message length validation
This commit is contained in:
Donald Sharp 2024-06-06 08:20:53 -04:00 committed by GitHub
commit e1e84a70a0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
zebra/dplane_fpm_nl.c
View File

@ -654,14 +654,6 @@ static void fpm_read(struct event *t)
hdr_available_bytes = fpm.msg_len - FPM_MSG_HDR_LEN;
available_bytes -= hdr_available_bytes;
/* Sanity check: must be at least header size. */
if (hdr->nlmsg_len < sizeof(*hdr)) {
zlog_warn(
"%s: [seq=%u] invalid message length %u (< %zu)",
__func__, hdr->nlmsg_seq, hdr->nlmsg_len,
sizeof(*hdr));
continue;
}
if (hdr->nlmsg_len > fpm.msg_len) {
zlog_warn(
"%s: Received a inner header length of %u that is greater than the fpm total length of %u",
@ -691,6 +683,14 @@ static void fpm_read(struct event *t)
switch (hdr->nlmsg_type) {
case RTM_NEWROUTE:
/* Sanity check: need at least route msg header size. */
if (hdr->nlmsg_len < sizeof(struct rtmsg)) {
zlog_warn("%s: [seq=%u] invalid message length %u (< %zu)",
__func__, hdr->nlmsg_seq,
hdr->nlmsg_len, sizeof(struct rtmsg));
break;
}
ctx = dplane_ctx_alloc();
dplane_ctx_route_init(ctx, DPLANE_OP_ROUTE_NOTIFY, NULL,
NULL);