isisd: don't corrupt memory for long hostnames

Signed-off-by: Christian Franke <chris@opensourcerouting.org> Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
2025-08-05 15:10:38 +00:00 · 2015-11-12 14:09:08 +01:00 · 2015-11-12 14:09:08 +01:00 · e316f9ab5a
commit e316f9ab5a
parent ac7d316959
2 changed files with 12 additions and 3 deletions
--- a/isisd/isis_lsp.c
+++ b/isisd/isis_lsp.c
@ -1222,12 +1222,19 @@ lsp_build (struct isis_lsp *lsp, struct isis_area *area)
  /* Dynamic Hostname */
  if (area->dynhostname)
    {
+      const char *hostname = unix_hostname();
+      size_t hostname_len = strlen(hostname);
+
      lsp->tlv_data.hostname = XMALLOC (MTYPE_ISIS_TLV,
 					sizeof (struct hostname));

-      memcpy (lsp->tlv_data.hostname->name, unix_hostname (),
-	      strlen (unix_hostname ()));
-      lsp->tlv_data.hostname->namelen = strlen (unix_hostname ());
+      strncpy((char *)lsp->tlv_data.hostname->name, hostname,
+              sizeof(lsp->tlv_data.hostname->name));
+      if (hostname_len <= MAX_TLV_LEN)
+        lsp->tlv_data.hostname->namelen = hostname_len;
+      else
+        lsp->tlv_data.hostname->namelen = MAX_TLV_LEN;
+
      tlv_add_dynamic_hostname (lsp->tlv_data.hostname, lsp->pdu);
    }

--- a/isisd/isis_tlv.h
+++ b/isisd/isis_tlv.h
@ -112,6 +112,8 @@

 #define AUTH_INFO_HDRLEN          3

+#define MAX_TLV_LEN 255
+
 #define IS_NEIGHBOURS_LEN (ISIS_SYS_ID_LEN + 5)
 #define LAN_NEIGHBOURS_LEN 6
 #define LSP_ENTRIES_LEN (10 + ISIS_SYS_ID_LEN)	/* FIXME: should be entry */