Merge pull request FRRouting#16862 from FRRouting/mergify/bp/stable/1…

…0.1/pr-16860 ospfd: Fix heap corruption vulnerability when parsing SR-Algorithm TLV (backport FRRouting#16860)
opensourcerouting · Sep 19, 2024 · a4c96c6 · a4c96c6
2 parents a099561 + 9da0298
commit a4c96c6
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/ospfd/ospf_sr.c b/ospfd/ospf_sr.c
@@ -1459,7 +1459,8 @@ void ospf_sr_ri_lsa_update(struct ospf_lsa *lsa)
 	/* Update Algorithm, SRLB and MSD if present */
 	if (algo != NULL) {
 		int i;
-		for (i = 0; i < ntohs(algo->header.length); i++)
+		for (i = 0;
+		     i < ntohs(algo->header.length) && i < ALGORITHM_COUNT; i++)
 			srn->algo[i] = algo->value[0];
 		for (; i < ALGORITHM_COUNT; i++)
 			srn->algo[i] = SR_ALGORITHM_UNSET;