From feed548d366d5310e357e0694fffd50f042e31c9 Mon Sep 17 00:00:00 2001
From: Vincent Bernat
Date: Sat, 17 Jan 2015 15:49:21 +0100
Subject: [PATCH] lldp: fix boundary checks when decoding LLDP management address
---
 src/daemon/lldp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/daemon/lldp.c b/src/daemon/lldp.c
index 5b0e4771..7dcfabf2 100644
--- a/src/daemon/lldp.c
+++ b/src/daemon/lldp.c
@@ -703,12 +703,12 @@ lldp_decode(struct lldpd *cfg, char *frame, int s,
 case LLDP_TLV_MGMT_ADDR:
 CHECK_TLV_SIZE(1, "Management address");
 addr_str_length = PEEK_UINT8;
- CHECK_TLV_SIZE(addr_str_length, "Management address");
+ CHECK_TLV_SIZE(1 + addr_str_length, "Management address");
 PEEK_BYTES(addr_str_buffer, addr_str_length);
 addr_length = addr_str_length - 1;
 addr_family = addr_str_buffer[0];
 addr_ptr = &addr_str_buffer[1];
- CHECK_TLV_SIZE(5, "Management address");
+ CHECK_TLV_SIZE(1 + addr_str_length + 5, "Management address");
 iface_subtype = PEEK_UINT8;
 iface_number = PEEK_UINT32;
-- 
2.39.5
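Review bot: The length byte read into `addr_str_length` is compared only with the TLV size before `PEEK_BYTES(addr_str_buffer, addr_str_length)`; nothing visible in this hunk compares it with the capacity of `addr_str_buffer`, so an untrusted frame with a large TLV and a large length byte still passes `CHECK_TLV_SIZE(1 + addr_str_length, ...)`. If `addr_str_buffer` is a fixed-size array (its declaration is outside the hunk, so this needs confirming), add a guard right after the length is read, e.g. `if (addr_str_length < 1 || addr_str_length > sizeof(addr_str_buffer))` followed by the same rejection path `CHECK_TLV_SIZE` takes. The lower bound matters too: with a length of 0, `addr_length = addr_str_length - 1` goes negative or wraps, and `addr_family = addr_str_buffer[0]` reads a byte that was never copied from the frame. `lldp_decode` starts and ends outside this hunk, so later validation of `addr_length` may exist but cannot be seen here.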