aboutsummaryrefslogtreecommitdiffstats
path: root/main/quagga/CVE-2017-16227.patch
blob: 17a7c7e0f6f12f107c914f0aa986bcf40f07e0ca (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
From 7a42b78be9a4108d98833069a88e6fddb9285008 Mon Sep 17 00:00:00 2001
From: Andreas Jaggi <aj@open.ch>
Date: Mon, 2 Oct 2017 19:38:43 +0530
Subject: bgpd: Fix AS_PATH size calculation for long paths

If you have an AS_PATH with more entries than
what can be written into a single AS_SEGMENT_MAX
it needs to be broken up.  The code that noticed
that the AS_PATH needs to be broken up was not
correctly calculating the size of the resulting
message.  This patch addresses this issue.
---
 bgpd/bgp_aspath.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bgpd/bgp_aspath.c b/bgpd/bgp_aspath.c
index b7af5e8..d813bfb 100644
--- a/bgpd/bgp_aspath.c
+++ b/bgpd/bgp_aspath.c
@@ -903,7 +903,7 @@ aspath_put (struct stream *s, struct aspath *as, int use32bit )
               assegment_header_put (s, seg->type, AS_SEGMENT_MAX);
               assegment_data_put (s, seg->as, AS_SEGMENT_MAX, use32bit);
               written += AS_SEGMENT_MAX;
-              bytes += ASSEGMENT_SIZE (written, use32bit);
+              bytes += ASSEGMENT_SIZE (AS_SEGMENT_MAX, use32bit);
             }
           
           /* write the final segment, probably is also the first */
-- 
cgit v1.0-41-gc330