From 852b7062e33b9886eb869fac8b9354497c49b126 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Thu, 22 Jul 2010 15:09:35 +0200 Subject: Fixes a buffer overflow in TX code of IPv6 BGP. --- proto/bgp/packets.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'proto') diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c index 6e23022..ba43cd2 100644 --- a/proto/bgp/packets.c +++ b/proto/bgp/packets.c @@ -219,7 +219,7 @@ bgp_encode_prefixes(struct bgp_proto *p, byte *w, struct bgp_bucket *buck, unsig ip_addr a; int bytes; - while (!EMPTY_LIST(buck->prefixes) && remains >= 5) + while (!EMPTY_LIST(buck->prefixes) && remains >= (1+sizeof(ip_addr))) { struct bgp_prefix *px = SKIP_BACK(struct bgp_prefix, bucket_node, HEAD(buck->prefixes)); DBG("\tDequeued route %I/%d\n", px->n.prefix, px->n.pxlen); -- cgit v1.2.3