From: claudio Date: Tue, 9 Apr 2024 12:40:01 +0000 (+0000) Subject: Limit the number of provider ASnumbers to MAX_ASPA_SPAS_COUNT (10'000) X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=0ff3951c8041dba7ab13a22afe8248411c273a86;p=openbsd Limit the number of provider ASnumbers to MAX_ASPA_SPAS_COUNT (10'000) in the parser as well. OK tb@ --- diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index 646bf967141..9c2a7c9d5e6 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.459 2024/04/09 09:03:18 claudio Exp $ */ +/* $OpenBSD: parse.y,v 1.460 2024/04/09 12:40:01 claudio Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer @@ -5482,8 +5482,8 @@ merge_aspa_set(uint32_t as, struct aspa_tas_l *tas, time_t expires) RB_INSERT(aspa_tree, &conf->aspa, aspa); } - if (UINT32_MAX - aspa->num <= tas->num) { - yyerror("aspa_set overflow"); + if (MAX_ASPA_SPAS_COUNT - aspa->num <= tas->num) { + yyerror("too many providers for customer-as %u", as); return -1; } num = aspa->num + tas->num; @@ -5500,6 +5500,7 @@ merge_aspa_set(uint32_t as, struct aspa_tas_l *tas, time_t expires) aspa->num = num; aspa->tas = newtas; + /* take the longest expiry time, same logic as for ROA entries */ if (aspa->expires != 0 && expires != 0 && expires > aspa->expires) aspa->expires = expires;