From 852b7062e33b9886eb869fac8b9354497c49b126 Mon Sep 17 00:00:00 2001
From: Ondrej Zajicek <santiago@crfreenet.org>
Date: Thu, 22 Jul 2010 15:09:35 +0200
Subject: Fixes a buffer overflow in TX code of IPv6 BGP.

---
 nest/rt-table.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nest')

diff --git a/nest/rt-table.c b/nest/rt-table.c
index b525694..f40cc80 100644
--- a/nest/rt-table.c
+++ b/nest/rt-table.c
@@ -354,7 +354,7 @@ rte_validate(rte *e)
   int c;
   net *n = e->net;
 
-  if (ipa_nonzero(ipa_and(n->n.prefix, ipa_not(ipa_mkmask(n->n.pxlen)))))
+  if ((n->n.pxlen > BITS_PER_IP_ADDRESS) || !ip_is_prefix(n->n.prefix,n->n.pxlen))
     {
       log(L_BUG "Ignoring bogus prefix %I/%d received via %s",
 	  n->n.prefix, n->n.pxlen, e->sender->name);
-- 
cgit v1.2.3