From 5e57b5fc621300427d3818f0723b8cd8d5e5ca6a Mon Sep 17 00:00:00 2001
From: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Fri, 11 Mar 2016 16:28:34 -0500
Subject: quagga: Remove double read of stream

The addition of a MIN(X,Y) with a stream_getc in the Y
causes a double read of the stream due to the way that
MIN is defined.

This fix removes a crash in all protocols.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
---
 ripd/rip_zebra.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'ripd/rip_zebra.c')

diff --git a/ripd/rip_zebra.c b/ripd/rip_zebra.c
index 1411cd71..2670ff7e 100644
--- a/ripd/rip_zebra.c
+++ b/ripd/rip_zebra.c
@@ -135,7 +135,8 @@ rip_zebra_read_ipv4 (int command, struct zclient *zclient, zebra_size_t length,
   unsigned long ifindex;
   struct in_addr nexthop;
   struct prefix_ipv4 p;
-  
+  unsigned char plength = 0;
+
   s = zclient->ibuf;
   ifindex = 0;
   nexthop.s_addr = 0;
@@ -148,7 +149,8 @@ rip_zebra_read_ipv4 (int command, struct zclient *zclient, zebra_size_t length,
   /* IPv4 prefix. */
   memset (&p, 0, sizeof (struct prefix_ipv4));
   p.family = AF_INET;
-  p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, stream_getc (s));
+  plength = stream_getc (s);
+  p.prefixlen = MIN(IPV4_MAX_PREFIXLEN, plength);
   stream_get (&p.prefix, s, PSIZE (p.prefixlen));
 
   /* Nexthop, ifindex, distance, metric. */
-- 
cgit v1.2.3