summaryrefslogtreecommitdiffstats
path: root/bgpd/bgp_msg_read.c
diff options
context:
space:
mode:
Diffstat (limited to 'bgpd/bgp_msg_read.c')
-rw-r--r--bgpd/bgp_msg_read.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/bgpd/bgp_msg_read.c b/bgpd/bgp_msg_read.c
index fbc163d7..9b02fddc 100644
--- a/bgpd/bgp_msg_read.c
+++ b/bgpd/bgp_msg_read.c
@@ -53,14 +53,22 @@ static void bgp_msg_capability_receive(bgp_connection connection,
bgp_size_t body_size) ;
/*------------------------------------------------------------------------------
- * Get BGP message length, given a pointer to the start of a message
+ * Get BGP message length, given a pointer to the start of a message.
+ *
+ * Make sure things are kosher.
*/
extern bgp_size_t
-bgp_msg_get_mlen(uint8_t* p)
+bgp_msg_get_mlen(uint8_t* p, uint8_t* limit)
{
- return (*(p + BGP_MH_MARKER_L)) + (*(p + BGP_MH_MARKER_L + 1) << 8) ;
-} ;
+ uint16_t mlen ;
+ passert((p + BGP_MH_HEAD_L) <= limit) ;
+
+ mlen = (*(p + BGP_MH_MARKER_L)) + (*(p + BGP_MH_MARKER_L + 1) << 8) ;
+ passert((p + mlen) <= limit) ;
+
+ return mlen ;
+} ;
/*==============================================================================
* Header validation and sexing of messages
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-14 17:54:38 +0000