git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
bgpdump
1
0
Fork 0
Files
Tree: 8076ae421a
Branches Tags
bgpdump
/
debian
/
patches
/
fix-bgp-state-out-of-bonds.patch

fix-bgp-state-out-of-bonds.patch 1.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536 
  1. Description: Fix array out of bond access in process()
    2. 

  2. Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
    3. 

  3. Bug: https://bitbucket.org/ripencc/bgpdump/issue/19/
    4. 

  4. Last-Update: 2016-07-13
    5. 

  5. 

  6.     The current code happily assumes the state value is within the range
    7. 

  7.     of hard-coded values. Handle unknown values gracefully.
    8. 

  8. 

  9. --- a/bgpdump.c
    10. 

  10. +++ b/bgpdump.c
    11. 

  11. @@ -244,6 +244,15 @@
    12. 

  12.  	NULL
    13. 

  13.  };
    14. 

  14.  
    15. 

  15. +static const char *bgp_state_name_lookup(unsigned state, char *buffer) {
    16. 

  16. +    if (state >= sizeof(bgp_state_name)/sizeof(bgp_state_name[0])-1) {
    17. 

  17. +        sprintf(buffer, "Unknown-%u", state);
    18. 

  18. +        return buffer;
    19. 

  19. +    }
    20. 

  20. +    return bgp_state_name[state];
    21. 

  21. +}
    22. 

  22. +
    23. 

  23. +
    24. 

  24.  void process(BGPDUMP_ENTRY *entry) {
    25. 

  25.  
    26. 

  26.  	struct tm *date;
    27. 

  27. @@ -926,7 +935,8 @@
    28. 

  28.  			//	printf(" N/A ");
    29. 

  29.  		    	printf("AS%u\n",entry->body.zebra_state_change.source_as);
    30. 

  30.  
    31. 

  31. -		    	printf("STATE: %s/%s\n",bgp_state_name[entry->body.zebra_state_change.old_state],bgp_state_name[entry->body.zebra_state_change.new_state]);
    32. 

  32. +			char temp1[16], temp2[16];
    33. 

  33. +		    	printf("STATE: %s/%s\n",bgp_state_name_lookup(entry->body.zebra_state_change.old_state,temp1),bgp_state_name_lookup(entry->body.zebra_state_change.new_state,temp2));
    34. 

  34.  		    }
    35. 

  35.  		    else if (mode==1 || mode==2 ) //-m -M
    36. 

  36.  		    {
    37.