Skip to content

Commit

Permalink
Merge pull request #5336 from opensourcerouting/ldpd-buffer-overflow-7.2
Browse files Browse the repository at this point in the history 
[7.2] ldpd: add missing sanity check in the parsing of label messages
  • Loading branch information
@srimohans
srimohans committed Nov 15, 2019
2 parents 87512c0 + 3807890 commit 609eb01
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions ldpd/labelmapping.c
View file
Expand Up @@ -723,6 +723,14 @@ tlv_decode_fec_elm(struct nbr *nbr, struct ldp_msg *msg, char *buf,
/* Prefix Length */
map->fec.prefix.prefixlen = buf[off];
off += sizeof(uint8_t);
if ((map->fec.prefix.af == AF_IPV4
&& map->fec.prefix.prefixlen > IPV4_MAX_PREFIXLEN)
|| (map->fec.prefix.af == AF_IPV6
&& map->fec.prefix.prefixlen > IPV6_MAX_PREFIXLEN)) {
session_shutdown(nbr, S_BAD_TLV_VAL, msg->id,
msg->type);
return (-1);
}
if (len < off + PREFIX_SIZE(map->fec.prefix.prefixlen)) {
session_shutdown(nbr, S_BAD_TLV_LEN, msg->id,
msg->type);
Expand Down

0 comments on commit 609eb01

Please sign in to comment.