From: Guy Harris Date: Mon, 15 Nov 2021 22:33:10 +0000 (-0800) Subject: BGP: make sure the path attributes don't go past the end of the packet. X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/f21edaed159942cb763f2ef1925bb411cfce5e2f BGP: make sure the path attributes don't go past the end of the packet. This fixes some undefined behavior in which we subtract the remaining length of the path attributes from the remaining length of the packet, where the former is greater than the latter and they're both unsigned. --- diff --git a/print-bgp.c b/print-bgp.c index 4404b026..0a09d9c2 100644 --- a/print-bgp.c +++ b/print-bgp.c @@ -2804,6 +2804,9 @@ bgp_update_print(netdissect_options *ndo, } if (len) { + /* Make sure the path attributes don't go past the end of the packet */ + if (length < len) + goto trunc; /* do something more useful!*/ while (len) { uint8_t aflags, atype, alenlen;
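Review bot: The new `if (length < len) goto trunc;` check in bgp_update_print() sends a malformed length field down the same path as a short capture. Here `len`, the total path attribute length, is larger than `length`, the remaining message length, so the packet is internally inconsistent rather than cut off; consider reporting it as invalid instead of truncated so the two cases can be told apart in the output. The added comment would also be more useful if it named the two quantities being compared and said that the check exists so the later unsigned subtraction of `len` from `length` cannot wrap, since that reason currently appears only in the commit message. The pre-existing "do something more useful!" comment now sits between the check and the `while (len)` loop and reads as if it refers to the new check; moving the new lines below it, or separating them with a blank line, would avoid that.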