diff options
| author | Ondrej Zajicek <santiago@crfreenet.org> | 2011-09-03 21:59:40 +0200 |
|---|---|---|
| committer | Ondrej Zajicek <santiago@crfreenet.org> | 2011-09-03 21:59:40 +0200 |
| commit | 6c4df70373fa640a7f068d4e1b563621b67c0d2b (patch) | |
| tree | b9d554323069dd1027cd2cd167d8c5918d16b634 | |
| parent | 2918e61046388821c3d4411c602dc5b28ad59329 (diff) | |
| download | bird-6c4df70373fa640a7f068d4e1b563621b67c0d2b.tar bird-6c4df70373fa640a7f068d4e1b563621b67c0d2b.zip | |
Fixes possible buffer overflow when printing BGP attributes.
Thanks to Alexander V. Chernikov for the patch.
| -rw-r--r-- | proto/bgp/attrs.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c index 59d8a8c..2832f42 100644 --- a/proto/bgp/attrs.c +++ b/proto/bgp/attrs.c @@ -1576,16 +1576,18 @@ bgp_get_attr(eattr *a, byte *buf, int buflen) { unsigned int i = EA_ID(a->id); struct attr_desc *d; + int len; if (ATTR_KNOWN(i)) { d = &bgp_attr_table[i]; - buf += bsprintf(buf, "%s", d->name); + len = bsprintf(buf, "%s", d->name); + buf += len; if (d->format) { *buf++ = ':'; *buf++ = ' '; - d->format(a, buf, buflen); + d->format(a, buf, buflen - len - 2); return GA_FULL; } return GA_NAME; |