artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 916d47d)
fix off-by-one in bounds check
authorjsg <jsg@openbsd.org>
Sat, 3 Feb 2024 09:26:52 +0000 (09:26 +0000)
committerjsg <jsg@openbsd.org>
Sat, 3 Feb 2024 09:26:52 +0000 (09:26 +0000)
found by "buffer overflow 'peer->capa.add_path' 7 <= 7" smatch error
ok claudio@

usr.sbin/bgpd/rde_peer.c patch | blob | history

diff --git a/usr.sbin/bgpd/rde_peer.c b/usr.sbin/bgpd/rde_peer.c
index d8a25bf..84e9526 100644 (file)
--- a/usr.sbin/bgpd/rde_peer.c
+++ b/usr.sbin/bgpd/rde_peer.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rde_peer.c,v 1.34 2023/11/07 11:17:35 claudio Exp $ */
+/*     $OpenBSD: rde_peer.c,v 1.35 2024/02/03 09:26:52 jsg Exp $ */
 
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
@@ -47,7 +47,7 @@ peer_has_as4byte(struct rde_peer *peer)
 int
 peer_has_add_path(struct rde_peer *peer, uint8_t aid, int mode)
 {
-       if (aid > AID_MAX)
+       if (aid >= AID_MAX)
                return 0;
        if (aid == AID_UNSPEC) {
                /* check if at capability is set for at least one AID */
OpenBSD src
by Ahmet Artu Yildirim