From: Ondrej Zajicek <santiago@crfreenet.org>
Date: Sat, 3 Sep 2011 19:59:40 +0000 (+0200)
Subject: Fixes possible buffer overflow when printing BGP attributes.
X-Git-Tag: v1.3.3~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c4df70373fa640a7f068d4e1b563621b67c0d2b;p=thirdparty%2Fbird.git

Fixes possible buffer overflow when printing BGP attributes.

Thanks to Alexander V. Chernikov for the patch.
---

diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index 59d8a8c08..2832f428d 100644
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -1576,16 +1576,18 @@ bgp_get_attr(eattr *a, byte *buf, int buflen)
 {
   unsigned int i = EA_ID(a->id);
   struct attr_desc *d;
+  int len;
 
   if (ATTR_KNOWN(i))
     {
       d = &bgp_attr_table[i];
-      buf += bsprintf(buf, "%s", d->name);
+      len = bsprintf(buf, "%s", d->name);
+      buf += len;
       if (d->format)
 	{
 	  *buf++ = ':';
 	  *buf++ = ' ';
-	  d->format(a, buf, buflen);
+	  d->format(a, buf, buflen - len - 2);
 	  return GA_FULL;
 	}
       return GA_NAME;