From 23ce0513e1bd5530e2055534243ac0c8fb0813ee Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Fri, 25 Nov 2016 20:17:58 +0100 Subject: [PATCH] med: fix parsing of LLDP-MED LCI when TLV size exceeds addr size Some equipments are sending an address whose size is less than the declared TLV size. The TLV is padded with 0. We rejected this because of a size mismatch. Fix #210. --- NEWS | 3 +++ src/lib/atoms/med.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index f8a2b8b3..000f7275 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,9 @@ lldpd (0.9.6) * Change: + Add a compile-time option to restore pre-0.9.2 JSON format (when using json-c). Use `--enable-json0` to enable this option. + * Fix: + + Correctly parse LLDP-MED civic address when the length of the + TLV exceeds the length of the address. lldpd (0.9.5) * Change: diff --git a/src/lib/atoms/med.c b/src/lib/atoms/med.c index 89742e43..e1b20fdf 100644 --- a/src/lib/atoms/med.c +++ b/src/lib/atoms/med.c @@ -369,7 +369,7 @@ _lldpctl_atom_get_int_med_location(lldpctl_atom_t *atom, lldpctl_key_t key) return LLDP_MED_LOCFORMAT_COORD; case LLDP_MED_LOCFORMAT_CIVIC: if ((m->location->data_len < 3) || - (m->location->data_len - 1 != + (m->location->data_len - 1 < m->location->data[0])) break; return LLDP_MED_LOCFORMAT_CIVIC; case LLDP_MED_LOCFORMAT_ELIN: @@ -735,7 +735,7 @@ _lldpctl_atom_iter_med_caelements_list(lldpctl_atom_t *atom) struct ca_iter *iter = _lldpctl_alloc_in_atom(atom, sizeof(struct ca_iter)); if (!iter) return NULL; iter->data = (uint8_t*)plist->parent->location->data + 4; - iter->data_len = plist->parent->location->data_len - 4; + iter->data_len = *(uint8_t*)plist->parent->location->data - 3; return (lldpctl_atom_iter_t*)iter; } -- 2.39.5