diff options
| author | Claudio Jeker <claudio@cvs.openbsd.org> | 2005-12-08 15:55:27 +0000 |
|---|---|---|
| committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2005-12-08 15:55:27 +0000 |
| commit | 445b9be3a7cab563ed5857b46ba58f3eb9fd7d11 (patch) | |
| tree | 16516dd4ad1110e83ee5f6c3501af709248154dc /usr.sbin/bgpd | |
| parent | 3ab4cd4710ea1532a3cb65ecef71cfc0cb494289 (diff) | |
When parsing open messages enforce that the optional parameter length is
equal to the size of the rest of the message and not only enforcing that
no overflow happens. Found via regress test. OK henning@
Diffstat (limited to 'usr.sbin/bgpd')
| -rw-r--r-- | usr.sbin/bgpd/session.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c index 6b1205b129f..cc3df29caf1 100644 --- a/usr.sbin/bgpd/session.c +++ b/usr.sbin/bgpd/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.238 2005/11/01 10:58:29 claudio Exp $ */ +/* $OpenBSD: session.c,v 1.239 2005/12/08 15:55:26 claudio Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org> @@ -1773,7 +1773,7 @@ parse_open(struct peer *peer) memcpy(&optparamlen, p, sizeof(optparamlen)); p += sizeof(optparamlen); - if (optparamlen > msglen - MSGSIZE_OPEN_MIN) { + if (optparamlen != msglen - MSGSIZE_OPEN_MIN) { log_peer_warnx(&peer->conf, "corrupt OPEN message received: length mismatch"); session_notification(peer, ERR_OPEN, 0, NULL, 0); |