med: fix parsing of LLDP-MED LCI when TLV size exceeds addr size

Some equipments are sending an address whose size is less than the
declared TLV size. The TLV is padded with 0. We rejected this because of
a size mismatch.

Fix #210.

diff --git a/NEWS b/NEWS
index f8a2b8b3b18c0c19826b4253f4c5591d450b38a5..000f72758ce6950097634b3c9a06c1c81a1be399 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ lldpd (0.9.6)
   * Change:
     + Add a compile-time option to restore pre-0.9.2 JSON format (when
       using json-c). Use `--enable-json0` to enable this option.
+  * Fix:
+    + Correctly parse LLDP-MED civic address when the length of the
+      TLV exceeds the length of the address.
 
 lldpd (0.9.5)
   * Change:

diff --git a/src/lib/atoms/med.c b/src/lib/atoms/med.c
index 89742e4360033997e4fa1c4dfe596edf694c87ba..e1b20fdf1c75d5c50b87677375a366de4d0c421d 100644 (file)
--- a/src/lib/atoms/med.c
+++ b/src/lib/atoms/med.c
@@ -369,7 +369,7 @@ _lldpctl_atom_get_int_med_location(lldpctl_atom_t *atom, lldpctl_key_t key)
                        return LLDP_MED_LOCFORMAT_COORD;
                case LLDP_MED_LOCFORMAT_CIVIC:
                        if ((m->location->data_len < 3) ||
-                           (m->location->data_len - 1 !=
+                           (m->location->data_len - 1 <
                                m->location->data[0])) break;
                        return LLDP_MED_LOCFORMAT_CIVIC;
                case LLDP_MED_LOCFORMAT_ELIN:
@@ -735,7 +735,7 @@ _lldpctl_atom_iter_med_caelements_list(lldpctl_atom_t *atom)
        struct ca_iter *iter = _lldpctl_alloc_in_atom(atom, sizeof(struct ca_iter));
        if (!iter) return NULL;
        iter->data = (uint8_t*)plist->parent->location->data + 4;
-       iter->data_len = plist->parent->location->data_len - 4;
+       iter->data_len = *(uint8_t*)plist->parent->location->data - 3;
        return (lldpctl_atom_iter_t*)iter;
 }