Fixes to BGP problems, from Dirk Steinberg.
Add some additional bounds checking to "decode_MPLS_stack()" so as not to overflow the buffer handed to it. svn path=/trunk/; revision=5518
This commit is contained in:
parent
2667dfed9a
commit
66e28fbb4a
6
AUTHORS
6
AUTHORS
|
@ -1203,7 +1203,11 @@ Andrew Esh <Andrew.Esh[AT]tricord.com> {
|
||||||
}
|
}
|
||||||
|
|
||||||
Greg Morris <GMORRIS[AT]novell.com> {
|
Greg Morris <GMORRIS[AT]novell.com> {
|
||||||
NCP - NetWare Core Protocol
|
NCP - NetWare Core Protocol
|
||||||
|
}
|
||||||
|
|
||||||
|
Dirk Steinberg <dws[AT]dirksteinberg.de> {
|
||||||
|
Fixes to BGP problems
|
||||||
}
|
}
|
||||||
|
|
||||||
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
|
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
|
||||||
|
|
|
@ -1420,6 +1420,7 @@ B<http://www.ethereal.com>.
|
||||||
Ruud Linders <ruud[AT]lucent.com>
|
Ruud Linders <ruud[AT]lucent.com>
|
||||||
Andrew Esh <Andrew.Esh[AT]tricord.com>
|
Andrew Esh <Andrew.Esh[AT]tricord.com>
|
||||||
Greg Morris <GMORRIS[AT]novell.com>
|
Greg Morris <GMORRIS[AT]novell.com>
|
||||||
|
Dirk Steinberg <dws[AT]dirksteinberg.de>
|
||||||
|
|
||||||
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his
|
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his
|
||||||
permission to use his version of snprintf.c.
|
permission to use his version of snprintf.c.
|
||||||
|
|
18
packet-bgp.c
18
packet-bgp.c
|
@ -2,7 +2,7 @@
|
||||||
* Routines for BGP packet dissection.
|
* Routines for BGP packet dissection.
|
||||||
* Copyright 1999, Jun-ichiro itojun Hagino <itojun@itojun.org>
|
* Copyright 1999, Jun-ichiro itojun Hagino <itojun@itojun.org>
|
||||||
*
|
*
|
||||||
* $Id: packet-bgp.c,v 1.58 2002/05/21 21:44:28 guy Exp $
|
* $Id: packet-bgp.c,v 1.59 2002/05/21 21:55:46 guy Exp $
|
||||||
*
|
*
|
||||||
* Supports:
|
* Supports:
|
||||||
* RFC1771 A Border Gateway Protocol 4 (BGP-4)
|
* RFC1771 A Border Gateway Protocol 4 (BGP-4)
|
||||||
|
@ -303,10 +303,11 @@ decode_prefix6(tvbuff_t *tvb, gint offset, char *buf, int buflen)
|
||||||
* Decode an MPLS label stack
|
* Decode an MPLS label stack
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
decode_MPLS_stack(tvbuff_t *tvb, gint offset, char *buf, int buflen)
|
decode_MPLS_stack(tvbuff_t *tvb, gint offset, char *buf, size_t buflen)
|
||||||
{
|
{
|
||||||
guint32 label_entry; /* an MPLS label enrty (label + COS field + stack bit */
|
guint32 label_entry; /* an MPLS label enrty (label + COS field + stack bit */
|
||||||
gint index; /* index for the label stack */
|
gint index; /* index for the label stack */
|
||||||
|
char junk_buf[256]; /* tmp */
|
||||||
|
|
||||||
index = offset ;
|
index = offset ;
|
||||||
label_entry = 0x000000 ;
|
label_entry = 0x000000 ;
|
||||||
|
@ -322,8 +323,19 @@ decode_MPLS_stack(tvbuff_t *tvb, gint offset, char *buf, int buflen)
|
||||||
snprintf(buf, buflen, "0 (withdrawn)");
|
snprintf(buf, buflen, "0 (withdrawn)");
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
snprintf(buf, buflen,"%s%u%s", buf, (label_entry >> 4), ((label_entry & 0x000001) == 0) ? "," : " (bottom)");
|
|
||||||
|
snprintf(junk_buf, sizeof(junk_buf),"%u%s", (label_entry >> 4), ((label_entry & 0x000001) == 0) ? "," : " (bottom)");
|
||||||
|
if (strlen(buf) + strlen(junk_buf) + 1 <= buflen)
|
||||||
|
strcat(buf, junk_buf);
|
||||||
index += 3 ;
|
index += 3 ;
|
||||||
|
|
||||||
|
if ((label_entry & 0x000001) == 0) {
|
||||||
|
/* real MPLS multi-label stack in BGP? - maybe later; for now, it must be a bogus packet */
|
||||||
|
strcpy(junk_buf, " (BOGUS: Bottom of Stack NOT set!)");
|
||||||
|
if (strlen(buf) + strlen(junk_buf) + 1 <= buflen)
|
||||||
|
strcat(buf, junk_buf);
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return((index - offset) / 3);
|
return((index - offset) / 3);
|
||||||
|
|
Loading…
Reference in New Issue