From 6c4df70373fa640a7f068d4e1b563621b67c0d2b Mon Sep 17 00:00:00 2001
From: Ondrej Zajicek
Date: Sat, 3 Sep 2011 21:59:40 +0200
Subject: Fixes possible buffer overflow when printing BGP attributes. Thanks to Alexander V. Chernikov for the patch.
---
 proto/bgp/attrs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index 59d8a8c..2832f42 100644
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -1576,16 +1576,18 @@ bgp_get_attr(eattr *a, byte *buf, int buflen)
 {
 unsigned int i = EA_ID(a->id);
 struct attr_desc *d;
+ int len;
 if (ATTR_KNOWN(i))
 {
 d = &bgp_attr_table[i];
- buf += bsprintf(buf, "%s", d->name);
+ len = bsprintf(buf, "%s", d->name);
+ buf += len;
 if (d->format)
 {
 *buf++ = ':';
 *buf++ = ' ';
- d->format(a, buf, buflen);
+ d->format(a, buf, buflen - len - 2);
 return GA_FULL;
 }
 return GA_NAME;
-- 
cgit v1.2.3
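Review bot: The remaining-space value `buflen - len - 2` passed to `d->format` is never checked before use, so a small `buflen` makes it zero or negative and every format callback has to cope with that on its own. The name copy through `bsprintf` and the two `*buf++` stores ahead of the call also still ignore `buflen`. The names come from `bgp_attr_table` and are presumably short, but the callers' buffer sizes are not visible in this hunk. A guard placed before the separator is written, e.g. `if (buflen - len - 2 <= 0) return GA_NAME;`, would make the invariant explicit, and a comment such as `/* 2 = the ": " separator written above */` would explain the constant. The body of bgp_get_attr continues past the end of the hunk.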