[PATCH] babel: Check TLV framing before dereferencing tlv->type

Toke Høiland-Jørgensen toke at toke.dk
Wed Jul 11 22:13:24 CEST 2018


Ondrej Zajicek <santiago at crfreenet.org> writes:

> On Tue, Jul 10, 2018 at 11:56:40PM +0200, Toke Høiland-Jørgensen wrote:
>> Signed-off-by: Toke Høiland-Jørgensen <toke at toke.dk>
>
> Hi
>
> I think that the current position is correct and the patch is not - the
> follow-up code ('The end of the common TLV header') checks for full
> 2-byte TLV header, while BABEL_TLV_PAD1 is just 1-byte padding.

Yeah, you're right; sorry for the noise. Guess I was seeing things after
looking at too many bounds check constructs last night :)

-Toke
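
The ordering discussed in this thread, as an added example that is not part of the original messages and is not BIRD's code: a minimal C walker over Babel-style TLVs that handles the 1-byte Pad1 before checking for the full 2-byte header. The names `walk_tlvs` and `TLV_PAD1` and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLV_PAD1 0  /* assumed name; Babel Pad1 is a lone type byte, no length */

/* Walks a Babel-style TLV sequence. Returns the number of TLVs seen
 * (Pad1 included), or -1 when a TLV runs past the end of the buffer. */
int walk_tlvs(const uint8_t *buf, size_t len)
{
  size_t pos = 0;
  int count = 0;

  while (pos < len)               /* the type byte is readable here */
  {
    if (buf[pos] == TLV_PAD1)     /* 1-byte TLV: handle it before the  */
    {                             /* 2-byte header check below         */
      pos += 1;
      count++;
      continue;
    }

    if (len - pos < 2)            /* end of the common TLV header */
      return -1;

    size_t body = buf[pos + 1];
    if (len - pos - 2 < body)     /* body must fit in what remains */
      return -1;

    pos += 2 + body;
    count++;
  }
  return count;
}

int main(void)
{
  /* Constructed sample: a TLV with a 2-byte body (type value 4 is
   * arbitrary here), followed by a Pad1 as the last byte of the buffer. */
  const uint8_t pkt[] = { 4, 2, 0xaa, 0xbb, TLV_PAD1 };
  printf("%d TLVs\n", walk_tlvs(pkt, sizeof pkt));
  return 0;
}
```

If the 2-byte header check ran before the Pad1 test, the trailing Pad1 in the sample would be rejected as truncated even though it is a complete TLV.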


