Skip to content

Commit df70351

Browse files
donaldsharpdonaldsharp
authored
Merge pull request #22171 from FRRouting/mergify/bp/stable/10.5/pr-22081
bgpd: Avoid cluster list attribute truncation (backport #22081)
2 parents 0bc6151 + c68a460 commit df70351

1 file changed

Lines changed: 30 additions & 19 deletions

File tree

bgpd/bgp_attr.c

Lines changed: 30 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -5342,27 +5342,38 @@ bgp_size_t bgp_packet_attribute(struct bgp *bgp, struct peer *peer, struct strea
53425342
stream_put_in_addr(s, &from->remote_id);
53435343

53445344
/* Cluster list. */
5345-
stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
5346-
stream_putc(s, BGP_ATTR_CLUSTER_LIST);
5347-
5348-
if (cluster) {
5349-
stream_putc(s, cluster->length + 4);
5350-
/* If this peer configuration's parent BGP has
5351-
* cluster_id. */
5352-
if (CHECK_FLAG(bgp->config, BGP_CONFIG_CLUSTER_ID))
5353-
stream_put_in_addr(s, &bgp->cluster_id);
5354-
else
5355-
stream_put_in_addr(s, &bgp->router_id);
5356-
stream_put(s, cluster->list, cluster->length);
5345+
/* RFC 4271 4.3 says:
5346+
* The fourth high-order bit (bit 3) of the Attribute Flags octet
5347+
* is the Extended Length bit. It defines whether the Attribute
5348+
* Length is one octet (if set to 0) or two octets (if set to 1).
5349+
*
5350+
* If the Extended Length bit of the Attribute Flags octet is set
5351+
* to 0, the third octet of the Path Attribute contains the length
5352+
* of the attribute data in octets.
5353+
*
5354+
* If the Extended Length bit of the Attribute Flags octet is set
5355+
* to 1, the third and fourth octets of the path attribute contain
5356+
* the length of the attribute data in octets.
5357+
*/
5358+
if (cluster && cluster->length + 4 > 255) {
5359+
stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_EXTLEN);
5360+
stream_putc(s, BGP_ATTR_CLUSTER_LIST);
5361+
stream_putw(s, cluster->length + 4);
53575362
} else {
5358-
stream_putc(s, 4);
5359-
/* If this peer configuration's parent BGP has
5360-
* cluster_id. */
5361-
if (CHECK_FLAG(bgp->config, BGP_CONFIG_CLUSTER_ID))
5362-
stream_put_in_addr(s, &bgp->cluster_id);
5363-
else
5364-
stream_put_in_addr(s, &bgp->router_id);
5363+
stream_putc(s, BGP_ATTR_FLAG_OPTIONAL);
5364+
stream_putc(s, BGP_ATTR_CLUSTER_LIST);
5365+
stream_putc(s, cluster ? cluster->length + 4 : 4);
53655366
}
5367+
5368+
/* If this peer configuration's parent BGP has
5369+
* cluster_id. */
5370+
if (CHECK_FLAG(bgp->config, BGP_CONFIG_CLUSTER_ID))
5371+
stream_put_in_addr(s, &bgp->cluster_id);
5372+
else
5373+
stream_put_in_addr(s, &bgp->router_id);
5374+
5375+
if (cluster)
5376+
stream_put(s, cluster->list, cluster->length);
53665377
}
53675378

53685379
/* Extended IPv6/Communities attributes. */

0 commit comments

Comments
 (0)