Merge pull request #6385 from GalaxyGorilla/bfd_igp_topotest

[mirror_frr.git] / pimd / mtracebis.c

diff --git a/pimd/mtracebis.c b/pimd/mtracebis.c
index 731fdb1beb5c5e71f9d382820e30439549a41c0d..1b812de92c72068729406af6f29a397b07d4032e 100644 (file)
--- a/pimd/mtracebis.c
+++ b/pimd/mtracebis.c
@@ -17,6 +17,8 @@
  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#include <zebra.h>
+
 #ifdef __linux__
 
 #include "pim_igmp_mtrace.h"
@@ -106,7 +108,7 @@ static const char *rtg_proto_str(enum mtrace_rtg_proto proto)
        case MTRACE_RTG_PROTO_PIM_ASSERT:
                return "PIM assert";
        default:
-               sprintf(buf, "unknown protocol (%d)", proto);
+               snprintf(buf, sizeof(buf), "unknown protocol (%d)", proto);
                return buf;
        }
 }
@@ -159,7 +161,7 @@ static const char *fwd_code_str(enum mtrace_fwd_code code)
        case MTRACE_FWD_CODE_ADMIN_PROHIB:
                return "admin. prohib.";
        default:
-               sprintf(buf, "unknown fwd. code (%d)", code);
+               snprintf(buf, sizeof(buf), "unknown fwd. code (%d)", code);
                return buf;
        }
 }
@@ -266,6 +268,8 @@ static int recv_response(int fd, int *hops, struct igmp_mtrace *mtracer)
        int mtrace_len;
        int responses;
        unsigned short sum;
+       size_t mtrace_off;
+       size_t ip_len;
 
        recvd = recvfrom(fd, mtrace_buf, IP_AND_MTRACE_BUF_LEN, 0, NULL, 0);
 
@@ -292,17 +296,20 @@ static int recv_response(int fd, int *hops, struct igmp_mtrace *mtracer)
        if (sum != in_cksum(ip, ip->ip_hl * 4))
                return -1;
 
-       mtrace = (struct igmp_mtrace *)(mtrace_buf + (4 * ip->ip_hl));
-
-       mtrace_len = ntohs(ip->ip_len) - ip->ip_hl * 4;
-
-       if ((char *)mtrace + mtrace_len
-           > (char *)mtrace_buf + IP_AND_MTRACE_BUF_LEN)
+       /* Header overflow check */
+       mtrace_off = 4 * ip->ip_hl;
+       if (mtrace_off > MTRACE_BUF_LEN)
                return -1;
 
-       if (mtrace_len < (int)MTRACE_HDR_SIZE)
+       /* Underflow/overflow check */
+       ip_len = ntohs(ip->ip_len);
+       if (ip_len < mtrace_off || ip_len < MTRACE_HDR_SIZE
+           || ip_len > MTRACE_BUF_LEN)
                return -1;
 
+       mtrace_len = ip_len - mtrace_off;
+       mtrace = (struct igmp_mtrace *)(mtrace_buf + mtrace_off);
+
        sum = mtrace->checksum;
        mtrace->checksum = 0;
        if (sum != in_cksum(mtrace, mtrace_len)) {
@@ -336,7 +343,7 @@ static int wait_for_response(int fd, int *hops, struct igmp_mtrace *mtrace,
 {
        fd_set readfds;
        struct timeval timeout;
-       int ret = -1;
+       int ret;
        long msec, rmsec, tmsec;
 
        FD_ZERO(&readfds);
@@ -441,7 +448,7 @@ int main(int argc, char *const argv[])
                exit(EXIT_FAILURE);
        }
 
-       mc_group.s_addr = 0;
+       mc_group.s_addr = INADDR_ANY;
        not_group = false;
 
        if (argc == 3) {