int ins_count = 0;
while (buflen > offset) {
+ if (offset + (int)sizeof(struct bsmmsg_grpinfo) > buflen) {
+ if (PIM_DEBUG_BSM)
+ zlog_debug(
+ "%s: buflen received %d is less than the internal data structure of the packet would suggest",
+ __PRETTY_FUNCTION__, buflen);
+ return false;
+ }
/* Extract Group tlv from BSM */
memcpy(&grpinfo, buf, sizeof(struct bsmmsg_grpinfo));
}
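Review bot: The added length check at the top of the loop tests `offset`, but the `memcpy` that follows reads from `buf`, so the guard only protects the copy if `buf` and `offset` are always advanced together. The code that advances them is outside the hunk, so a comment stating the invariant, for example `/* buf always points offset bytes into the message */`, would make this reviewable. The same applies to the `struct bsmmsg_rpinfo` check added inside the `while (frag_rp_cnt--)` loop. Writing the test as `if (buflen - offset < (int)sizeof(struct bsmmsg_grpinfo)) {` would also avoid the signed addition, and is safe here because the loop condition already guarantees `buflen > offset`.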
group.family = AF_INET;
+ if (grpinfo.group.mask > IPV4_MAX_BITLEN) {
+ if (PIM_DEBUG_BSM)
+ zlog_debug("%s, v4 prefix length specified: %d is too long",
+ __PRETTY_FUNCTION__, grpinfo.group.mask);
+ return false;
+ }
group.prefixlen = grpinfo.group.mask;
group.u.prefix4.s_addr = grpinfo.group.addr.s_addr;
ins_count = 0;
while (frag_rp_cnt--) {
+ if (offset + (int)sizeof(struct bsmmsg_rpinfo)
+ > buflen) {
+ if (PIM_DEBUG_BSM)
+ zlog_debug(
+ "%s, buflen received: %u is less than the internal data structure of the packet would suggest",
+ __PRETTY_FUNCTION__, buflen);
+ return false;
+ }
+
/* Extract RP address tlv from BSM */
memcpy(&rpinfo, buf, sizeof(struct bsmmsg_rpinfo));
rpinfo.rp_holdtime = ntohs(rpinfo.rp_holdtime);
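Review bot: The debug message in this check formats `buflen` with `%u`, while the group-info check added earlier uses `%d` for the same variable. The `(int)` cast in the comparison suggests `buflen` is a signed int, so `%d` looks like the matching specifier. I would change the format to `"%s: buflen received %d is less than the internal data structure of the packet would suggest"` so the two messages agree in specifier and in the `%s:` prefix. The declaration of `buflen` is outside the hunk, so confirm its type first.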
return -1;
}
+ if (buf_size < sizeof(struct bsm_hdr)) {
+ if (PIM_DEBUG_BSM)
+ zlog_debug("%s: received buffer length of %d which is too small to properly decode",
+ __PRETTY_FUNCTION__, buf_size);
+ return -1;
+ }
+
bshdr = (struct bsm_hdr *)(buf + PIM_MSG_HEADER_LEN);
pim_inet4_dump("<bsr?>", bshdr->bsr_addr.addr, bsr_str,
sizeof(bsr_str));
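Review bot: The new guard compares `buf_size` with `sizeof(struct bsm_hdr)` alone, but the header is read at `buf + PIM_MSG_HEADER_LEN` on the next line. A packet of at least `sizeof(struct bsm_hdr)` bytes but shorter than `PIM_MSG_HEADER_LEN + sizeof(struct bsm_hdr)` therefore still passes, and `bshdr->bsr_addr.addr` is read past the end of the received data. The check should include the offset: `if (buf_size < PIM_MSG_HEADER_LEN + sizeof(struct bsm_hdr)) {`. If `buf_size` is a signed type, which the `%d` in the message suggests it may be, a negative value would convert to a large unsigned value in this comparison and pass as well. Its declaration is outside the hunk and is worth checking.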
&& (source_flags & PIM_WILDCARD_BIT_MASK)) {
struct pim_rpf *rp = RP(pim_ifp->pim, sg->grp);
+ if (!rp) {
+ zlog_warn("%s: Lookup of RP failed for %pSG4",
+ __PRETTY_FUNCTION__, sg);
+ return;
+ }
/*
* If the RP sent in the message is not
* our RP for the group, drop the message
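Review bot: The NULL-`rp` branch added here logs with an unconditional `zlog_warn`, while the equivalent branch added in the next hunk (before the `// Ignoring Prune *,G's` comment) uses `zlog_debug` under `PIM_DEBUG_PIM_TRACE`. Both run while handling a received message, so the unguarded warning can be emitted once per offending packet and fill the log. Unless that difference is intended, I would make the two consistent, for example `if (PIM_DEBUG_PIM_TRACE) zlog_debug("%s: Lookup of RP failed for %pSG4", __PRETTY_FUNCTION__, sg);`. The enclosing function begins and ends outside the hunk.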
&& (source_flags & PIM_WILDCARD_BIT_MASK)) {
struct pim_rpf *rp = RP(pim_ifp->pim, sg->grp);
+ if (!rp) {
+ if (PIM_DEBUG_PIM_TRACE)
+ zlog_debug("%s: RP for %pSG4 completely failed lookup",
+ __PRETTY_FUNCTION__, sg);
+ return;
+ }
// Ignoring Prune *,G's at the moment.
if (sg->src.s_addr != rp->rpf_addr.u.prefix4.s_addr)
return;
rp_info = pim_rp_find_match_group(pim, &g);
- if ((pim_rpf_addr_is_inaddr_none(&rp_info->rp))
- && (source.s_addr == INADDR_ANY)) {
+ if (!rp_info || ((pim_rpf_addr_is_inaddr_none(&rp_info->rp))
+ && (source.s_addr == INADDR_ANY))) {
if (PIM_DEBUG_PIM_NHT_RP)
zlog_debug("%s: Received a (*,G) with no RP configured",
__PRETTY_FUNCTION__);
if (type) {
zlog_warn(
- "%s: unknown source address encoding type=%d: %02x%02x%02x%02x%02x%02x%02x%02x",
+ "%s: unknown source address encoding type=%d: %02x%02x%02x%02x",
__PRETTY_FUNCTION__, type, buf[0], buf[1], buf[2],
- buf[3], buf[4], buf[5], buf[6], buf[7]);
+ buf[3]);
return -2;
}
break;
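Review bot: Nothing in the hunk says why the hex dump shrinks from eight bytes to four, and the warning still indexes `buf[0]` through `buf[3]` with no length check visible here. Presumably an earlier check in the function guarantees only the fixed part of the encoded address. If so, a comment above the `zlog_warn`, such as `/* only the first 4 bytes are known to be inside the buffer at this point */`, would keep the dump from being widened again later. The same applies to the `default:` branch below, which logs the unknown family.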
default: {
zlog_warn(
- "%s: unknown source address encoding family=%d: %02x%02x%02x%02x%02x%02x%02x%02x",
+ "%s: unknown source address encoding family=%d: %02x%02x%02x%02x",
__PRETTY_FUNCTION__, family, buf[0], buf[1], buf[2],
- buf[3], buf[4], buf[5], buf[6], buf[7]);
+ buf[3]);
return -5;
}
}