authorclaudio <claudio@openbsd.org>2008-06-15 10:03:46 +0000
committerclaudio <claudio@openbsd.org>2008-06-15 10:03:46 +0000
commitec7db0147fb0ed80a427ae389a8e09773b0ef750 (patch)
tree8ccd7ade43a34e1610834b2708141cb6b562cc08
parentFix minor mem leak in case parse_addr() fails. (diff)
Paranoia check. Make sure that the 2 len bytes are actually available.
Another easy M hiding in my bgp source forest.
-rw-r--r--usr.sbin/bgpd/rde.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c
index 6a60a485e81..c6944b30e43 100644
--- a/usr.sbin/bgpd/rde.c
+++ b/usr.sbin/bgpd/rde.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rde.c,v 1.231 2008/05/02 13:49:34 claudio Exp $ */
+/* $OpenBSD: rde.c,v 1.232 2008/06/15 10:03:46 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -748,6 +748,11 @@ rde_update_dispatch(struct imsg *imsg)
p = imsg->data;
+ if (imsg->hdr.len < IMSG_HEADER_SIZE + 2) {
+ rde_update_err(peer, ERR_UPDATE, ERR_UPD_ATTRLIST, NULL, 0);
+ return (-1);
+ }
+
memcpy(&len, p, 2);
withdrawn_len = ntohs(len);
p += 2;
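Review bot: The new guard in rde_update_dispatch() hard-codes the field width as `2`, and the same literal is repeated in the `memcpy` and the `p += 2` that follow, so the bound and the read it protects are only tied together by convention. Deriving both from the destination keeps them in step: `if (imsg->hdr.len < IMSG_HEADER_SIZE + sizeof(len)) {` and `memcpy(&len, p, sizeof(len));`. A one-line comment above the check, such as `/* withdrawn routes length field must fit in the received payload */`, would record which field of the peer-supplied UPDATE is being bounded. The function continues outside this hunk, so it is worth confirming that every later read driven by `withdrawn_len` and the attribute length is checked against `imsg->hdr.len` in the same way before `p` is advanced.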