Skip to content

Commit ff6db10

Browse files
donaldsharpdonaldsharp
committed
bgpd: Make sure hdr length is at a minimum of what is expected
Ensure that if the capability length specified is enough data. Signed-off-by: Donald Sharp <sharpd@nvidia.com>
1 parent 49efc80 commit ff6db10

File tree

1 file changed

+8
-0
lines changed

1 file changed

+8
-0
lines changed

bgpd/bgp_packet.c

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2620,6 +2620,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
26202620
"%s CAPABILITY has action: %d, code: %u, length %u",
26212621
peer->host, action, hdr->code, hdr->length);
26222622

2623+
if (hdr->length < sizeof(struct capability_mp_data)) {
2624+
zlog_info(
2625+
"%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
2626+
peer, sizeof(struct capability_mp_data),
2627+
hdr->length);
2628+
return BGP_Stop;
2629+
}
2630+
26232631
/* Capability length check. */
26242632
if ((pnt + hdr->length + 3) > end) {
26252633
zlog_info("%s Capability length error", peer->host);

0 commit comments

Comments
 (0)