From faaa6f2a34255efb9a4ce36033328bf8153d0d41 Mon Sep 17 00:00:00 2001
From: Pyeole <pyeole@ncsu.edu>
Date: Sat, 29 Aug 2015 15:36:41 -0400
Subject: [PATCH] BGP: fixed incorrect NLRI decoding

Bug: 11308
Change-Id: I967b9596edad1e3656e139d0ca3a0e3c389d80ea
Reviewed-on: https://code.wireshark.org/review/10308
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
---
 AUTHORS                      | 4 ++++
 epan/dissectors/packet-bgp.c | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/AUTHORS b/AUTHORS
index 8b3ccc70b0..15017fa663 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -3661,6 +3661,10 @@ Manuel Hofer <manuel[AT]mnlhfr.at> {
   SSTP Dissection
 }
 
+Pratik Yeole  	<pyeole[AT]ncsu.edu> {
+         Fixed incorrect decoding of Network Layer Reachability Information (NLRI) in BGP UPDATE message with add-path support
+}
+
 and by:
 
 Georgi Guninski		<guninski[AT]guninski.com>
diff --git a/epan/dissectors/packet-bgp.c b/epan/dissectors/packet-bgp.c
index 25f012c7bf..0501f14a58 100644
--- a/epan/dissectors/packet-bgp.c
+++ b/epan/dissectors/packet-bgp.c
@@ -53,6 +53,9 @@
  * Destination Preference Attribute for BGP (work in progress)
  * RFC1863 A BGP/IDRP Route Server alternative to a full mesh routing
  */
+/* (c) Copyright 2015, Pratik Yeole <pyeole@ncsu.edu>
+   -  Fixed incorrect decoding of Network Layer Reachability Information (NLRI) in BGP UPDATE message with add-path support
+ */
 
 #include "config.h"
 
@@ -1718,6 +1721,9 @@ detect_add_path_prefix4(tvbuff_t *tvb, gint offset, gint end) {
     /* Must NOT be compatible with standard BGP */
     for (o = offset; o < end; ) {
         prefix_len = tvb_get_guint8(tvb, o);
+        if( prefix_len == 0) {
+            return 1; /* prefix length is zero (i.e. matching all IP prefixes) and remaining bytes within the NLRI is greater than or equal to 1 - may be BGP add-path */
+        }
         if( prefix_len > 32) {
             return 1; /* invalid prefix length - may be BGP add-path */
         }