diff options
| author | Sri Mohana Singamsetty <srimohans@gmail.com> | 2019-11-19 19:31:47 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-11-19 19:31:47 +0100 |
| commit | 49fa8e917dffa9d65969317bbd11c8689aaa2e42 (patch) | |
| tree | 5546b47cca4372f98cc9a70ca578e89325aedefe | |
| parent | Merge pull request #5292 from donaldsharp/ospf_vrf_data (diff) | |
| parent | pimd: Fix possible read beyond end of data received (diff) | |
| download | frr-49fa8e917dffa9d65969317bbd11c8689aaa2e42.tar.xz frr-49fa8e917dffa9d65969317bbd11c8689aaa2e42.zip | |
Merge pull request #5375 from donaldsharp/pim_packet_issues
pimd: Fix possible read beyond end of data received
| -rw-r--r-- | pimd/pim_pim.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/pimd/pim_pim.c b/pimd/pim_pim.c index cd2d306f3..342c0a74e 100644 --- a/pimd/pim_pim.c +++ b/pimd/pim_pim.c @@ -190,6 +190,12 @@ int pim_pim_packet(struct interface *ifp, uint8_t *buf, size_t len) no_fwd = header->Nbit; if (header->type == PIM_MSG_TYPE_REGISTER) { + if (pim_msg_len < PIM_MSG_REGISTER_LEN) { + if (PIM_DEBUG_PIM_PACKETS) + zlog_debug("PIM Register Message size=%d shorther than min length %d", + pim_msg_len, PIM_MSG_REGISTER_LEN); + return -1; + } /* First 8 byte header checksum */ checksum = in_cksum(pim_msg, PIM_MSG_REGISTER_LEN); if (checksum != pim_checksum) { |