From: Vincent Bernat Date: Fri, 25 Nov 2016 19:17:58 +0000 (+0100) Subject: med: fix parsing of LLDP-MED LCI when TLV size exceeds addr size X-Git-Tag: 0.9.6~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=23ce0513e1bd5530e2055534243ac0c8fb0813ee;p=thirdparty%2Flldpd.git med: fix parsing of LLDP-MED LCI when TLV size exceeds addr size Some equipments are sending an address whose size is less than the declared TLV size. The TLV is padded with 0. We rejected this because of a size mismatch. Fix #210. --- diff --git a/NEWS b/NEWS index f8a2b8b3..000f7275 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,9 @@ lldpd (0.9.6) * Change: + Add a compile-time option to restore pre-0.9.2 JSON format (when using json-c). Use `--enable-json0` to enable this option. + * Fix: + + Correctly parse LLDP-MED civic address when the length of the + TLV exceeds the length of the address. lldpd (0.9.5) * Change: diff --git a/src/lib/atoms/med.c b/src/lib/atoms/med.c index 89742e43..e1b20fdf 100644 --- a/src/lib/atoms/med.c +++ b/src/lib/atoms/med.c @@ -369,7 +369,7 @@ _lldpctl_atom_get_int_med_location(lldpctl_atom_t *atom, lldpctl_key_t key) return LLDP_MED_LOCFORMAT_COORD; case LLDP_MED_LOCFORMAT_CIVIC: if ((m->location->data_len < 3) || - (m->location->data_len - 1 != + (m->location->data_len - 1 < m->location->data[0])) break; return LLDP_MED_LOCFORMAT_CIVIC; case LLDP_MED_LOCFORMAT_ELIN: @@ -735,7 +735,7 @@ _lldpctl_atom_iter_med_caelements_list(lldpctl_atom_t *atom) struct ca_iter *iter = _lldpctl_alloc_in_atom(atom, sizeof(struct ca_iter)); if (!iter) return NULL; iter->data = (uint8_t*)plist->parent->location->data + 4; - iter->data_len = plist->parent->location->data_len - 4; + iter->data_len = *(uint8_t*)plist->parent->location->data - 3; return (lldpctl_atom_iter_t*)iter; }