author | Jorge Boncompte [DTI2] <jorge@dti2.net> | 2013-07-31 16:16:05 +0000 |
---|---|---|
committer | David Lamparter <equinox@opensourcerouting.org> | 2014-04-01 17:14:44 +0200 |
commit | af514777f4327932a3e84f83d79e941967503e15 (patch) | |
tree | 68ddb2e6dd758b2c50f3a4facea1dfc925460312 /lib | |
parent | 6d729eeac91578dca29961e0e46f246f33c37f0c (diff) | |
lib: fix possible off-by-one in stream_put_prefix()
The STREAM_WRITEABLE() call only checks if there is space for the
prefix in the stream but does not account for the prefixlen. The
stream_putc() call reduces available space by 1 and we can end up
copying one byte too much and with "endp" off by one if we are
near the buffer end.
Instead of moving the stream_putc() call before STREAM_WRITEABLE(),
we check beforehand for the required space, and open-code it. This
avoids a function call and verifying again the stream buffer.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/stream.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/stream.c b/lib/stream.c index ee2920e6..ccd4623f 100644 --- a/lib/stream.c +++ b/lib/stream.c @@ -700,13 +700,13 @@ stream_put_prefix (struct stream *s, struct prefix *p) psize = PSIZE (p->prefixlen); - if (STREAM_WRITEABLE (s) < psize) + if (STREAM_WRITEABLE (s) < (psize + sizeof (u_char))) { STREAM_BOUND_WARN (s, "put"); return 0; } - stream_putc (s, p->prefixlen); + s->data[s->endp++] = p->prefixlen; memcpy (s->data + s->endp, &p->u.prefix, psize); s->endp += psize; |
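Review bot: The open-coded `s->data[s->endp++] = p->prefixlen;` no longer passes through stream_putc(), so the single `STREAM_WRITEABLE (s) < (psize + sizeof (u_char))` test is now the only bounds guard for both the length byte and the following memcpy. A one-line comment on that condition stating that the extra `sizeof (u_char)` covers the prefixlen octet would keep the check and the two writes from drifting apart in a later edit. Separately, psize comes from `PSIZE (p->prefixlen)` and is used as the memcpy length reading from `&p->u.prefix`; nothing in these lines bounds prefixlen against the size of that source field, so it is worth confirming that callers guarantee it or adding a check alongside the writeable test.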