From b1d33ec293e8e36fbb8766252f3b016d268e31ce Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Fri, 24 Mar 2023 09:55:23 +0200
Subject: [PATCH] bgpd: Check 7 bytes for Long-lived Graceful-Restart
 capability

It's not 4 bytes, it was assuming the same as Graceful-Restart tuples.

LLGR has more 3 bytes (Long-lived Stale Time).

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
 bgpd/bgp_open.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
index 032767820f5c..4814d69c33c5 100644
--- a/bgpd/bgp_open.c
+++ b/bgpd/bgp_open.c
@@ -604,12 +604,24 @@ static int bgp_capability_restart(struct peer *peer,
 static int bgp_capability_llgr(struct peer *peer,
 			       struct capability_header *caphdr)
 {
+/*
+ * +--------------------------------------------------+
+ * | Address Family Identifier (16 bits)              |
+ * +--------------------------------------------------+
+ * | Subsequent Address Family Identifier (8 bits)    |
+ * +--------------------------------------------------+
+ * | Flags for Address Family (8 bits)                |
+ * +--------------------------------------------------+
+ * | Long-lived Stale Time (24 bits)                  |
+ * +--------------------------------------------------+
+ */
+#define BGP_CAP_LLGR_MIN_PACKET_LEN 7
 	struct stream *s = BGP_INPUT(peer);
 	size_t end = stream_get_getp(s) + caphdr->length;
 
 	SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV);
 
-	while (stream_get_getp(s) + 4 <= end) {
+	while (stream_get_getp(s) + BGP_CAP_LLGR_MIN_PACKET_LEN <= end) {
 		afi_t afi;
 		safi_t safi;
 		iana_afi_t pkt_afi = stream_getw(s);