Skip to content

Commit

Permalink
ospfd: Fix heap corruption vulnerability when parsing SR-Algorithm TLV
Browse files Browse the repository at this point in the history
When parsing the SR-Algorithm TLV in the OSPF Router Information Opaque
LSA, assure that not more than the maximum number of supported
algorithms are copied from the TLV.

Signed-off-by: Acee Lindem <[email protected]>
  • Loading branch information
aceelindem committed Sep 18, 2024
1 parent 5ae0b26 commit 0dc9691
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion ospfd/ospf_sr.c
Original file line number Diff line number Diff line change
Expand Up @@ -1459,7 +1459,8 @@ void ospf_sr_ri_lsa_update(struct ospf_lsa *lsa)
/* Update Algorithm, SRLB and MSD if present */
if (algo != NULL) {
int i;
for (i = 0; i < ntohs(algo->header.length); i++)
for (i = 0;
i < ntohs(algo->header.length) && i < ALGORITHM_COUNT; i++)
srn->algo[i] = algo->value[0];
for (; i < ALGORITHM_COUNT; i++)
srn->algo[i] = SR_ALGORITHM_UNSET;
Expand Down

0 comments on commit 0dc9691

Please sign in to comment.