daemon: fix read overflow when parsing CDP addresses

author Vincent Bernat <vincent@bernat.ch>

Wed, 12 Apr 2023 05:38:31 +0000 (07:38 +0200)

committer Vincent Bernat <vincent@bernat.ch>

Wed, 12 Apr 2023 18:42:02 +0000 (20:42 +0200)
author Vincent Bernat <vincent@bernat.ch>
Wed, 12 Apr 2023 05:38:31 +0000 (07:38 +0200)
committer Vincent Bernat <vincent@bernat.ch>
Wed, 12 Apr 2023 18:42:02 +0000 (20:42 +0200)
diff --git a/NEWS b/NEWS

index 003325aed1c23cf189470c9334afa865a19b637f..ffc8e8047e9d436d91a7a6f22d7560cef49cf294 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+lldpd (1.0.17)
+ * Fix:
+   + Read overflow when parsing CDP addresses. Thanks to Matteo Memelli.
+
  lldpd (1.0.16)
   * Fix:
     + Do not use 00:00:00:00:00:00 as chassis ID.
diff --git a/src/daemon/protocols/cdp.c b/src/daemon/protocols/cdp.c

index 8a1be86362fc4628092e3b2c243c26e887fdafa5..42861c0e9514bf20b26964ab7dd3b14e4b05a7e4 100644 (file)
--- a/src/daemon/protocols/cdp.c
+++ b/src/daemon/protocols/cdp.c
@@ -466,6 +466,7 @@ cdp_decode(struct lldpd *cfg, char *frame, int s, struct lldpd_hardware *hardwar
                                         goto malformed;
                                 }
                                 PEEK_DISCARD(address_len);
+                               addresses_len -= address_len;
                                 (void)PEEK_SAVE(pos_next_address);
                                 /* Next, we go back and try to extract
                                    IPv4 address */
author	Vincent Bernat <vincent@bernat.ch>
	Wed, 12 Apr 2023 05:38:31 +0000 (07:38 +0200)
committer	Vincent Bernat <vincent@bernat.ch>
	Wed, 12 Apr 2023 18:42:02 +0000 (20:42 +0200)
NEWS		patch \| blob \| blame \| history
src/daemon/protocols/cdp.c		patch \| blob \| blame \| history