]> git.ipfire.org Git - thirdparty/bird.git/commitdiff
projects / thirdparty / bird.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2918e61)
Fixes possible buffer overflow when printing BGP attributes.
authorOndrej Zajicek <santiago@crfreenet.org>
Sat, 3 Sep 2011 19:59:40 +0000 (21:59 +0200)
committerOndrej Zajicek <santiago@crfreenet.org>
Sat, 3 Sep 2011 19:59:40 +0000 (21:59 +0200)
Thanks to Alexander V. Chernikov for the patch.

proto/bgp/attrs.c patch | blob | blame | history

diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index 59d8a8c08cb8f33b462af1ef9b740fa2411219f1..2832f428d7c971fa542bdddf260d505bdd17a8b4 100644 (file)
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -1576,16 +1576,18 @@ bgp_get_attr(eattr *a, byte *buf, int buflen)
 {
   unsigned int i = EA_ID(a->id);
   struct attr_desc *d;
+  int len;
 
   if (ATTR_KNOWN(i))
     {
       d = &bgp_attr_table[i];
-      buf += bsprintf(buf, "%s", d->name);
+      len = bsprintf(buf, "%s", d->name);
+      buf += len;
       if (d->format)
        {
          *buf++ = ':';
          *buf++ = ' ';
-         d->format(a, buf, buflen);
+         d->format(a, buf, buflen - len - 2);
          return GA_FULL;
        }
       return GA_NAME;
Mirror of https://gitlab.labs.nic.cz/labs/bird.git