From bd471fea4ec965c71d6c2201745995092fbc36f6 Mon Sep 17 00:00:00 2001
From: Paul Jakma
Date: Thu, 15 Mar 2012 11:30:00 +0000
Subject: bgpd: malformed attribute error that can still proceed should fixup getp

* bgp_attr.c: (bgp_attr_malformed) When a malformed attribute error can be ignored, and BGP message processing may still proceed, the stream getp should be adjusted to the end of the attribute - the caller may not have consumed all the attribute. Problem noted by Martin Winter in bug 678. Also, rename the 'startp' local to 'notify_datap', for clarity.
---
 bgpd/bgp_attr.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index b02cfee3..d204cec1 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -719,17 +719,24 @@ bgp_attr_malformed (struct bgp_attr_parser_args *args, u_char subcode,
 * send the attribute data with the NOTIFY depends on the error,
 * the caller therefore signals this with the seperate length argument
 */
- u_char *startp = (length > 0 ? args->startp : NULL);
+ u_char *notify_datap = (length > 0 ? args->startp : NULL);
 /* Only relax error handling for eBGP peers */
 if (peer_sort (peer) != BGP_PEER_EBGP) {
 bgp_notify_send_with_data (peer, BGP_NOTIFY_UPDATE_ERR, subcode,
- startp, length);
+ notify_datap, length);
 return BGP_ATTR_PARSE_ERROR;
 }
+ /* Adjust the stream getp to the end of the attribute, in case we can
+ * still proceed but the caller hasn't read all the attribute.
+ */
+ stream_set_getp (BGP_INPUT (peer),
+ (args->startp - STREAM_DATA (BGP_INPUT (peer)))
+ + args->total);
+
 switch (args->type) {
 /* where an optional attribute is inconsequential, e.g. it does not affect
 * route selection, and can be safely ignored then any such attributes
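Review bot: The new `stream_set_getp` call takes its target from `args->startp` and `args->total`, and `args->total` presumably derives from the attribute length field sent by the peer; nothing in this hunk shows that the resulting offset is at or before the stream's end pointer. If the caller has already bounds-checked the attribute against the end of the UPDATE, that invariant deserves a comment at the call, e.g. `/* caller guarantees startp + total lies within the message */`. If it has not, the offset should be compared with `stream_get_endp (BGP_INPUT (peer))` and an overrun handled as a session error (NOTIFY, then `return BGP_ATTR_PARSE_ERROR;`) rather than left to whatever `stream_set_getp` does with an out-of-range position. The adjustment also sits before the `switch`, so it runs on the paths that go on to send a NOTIFY as well, which looks harmless but is worth saying in the comment. The body of `bgp_attr_malformed` starts and ends outside the hunk.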
@@ -756,7 +763,7 @@ bgp_attr_malformed (struct bgp_attr_parser_args *args, u_char subcode,
 case BGP_ATTR_MP_UNREACH_NLRI:
 case BGP_ATTR_EXT_COMMUNITIES:
 bgp_notify_send_with_data (peer, BGP_NOTIFY_UPDATE_ERR, subcode,
- startp, length);
+ notify_datap, length);
 return BGP_ATTR_PARSE_ERROR;
 }
-- 
cgit v1.2.1