Nexthop address length in MpReachNlri is not verified
Bug #1517210 reported by
Nischal Sheth
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R2.20 |
Fix Committed
|
High
|
Nischal Sheth | |||
R2.21.x |
Fix Committed
|
High
|
Nischal Sheth | |||
Trunk |
Fix Committed
|
High
|
Nischal Sheth |
Bug Description
The value of nexthop address length field in MpReachNlri is not verified
in the parser. It simply copies the specified number of bytes into the
BgpMpNlri::nexthop field, which is a vector. This by itself is not unsafe.
Problem is that BgpPeer:
that may be only 4 (Ip4Address:
description: | updated |
description: | updated |
To post a comment you must log in.
Review in progress for https:/ /review. opencontrail. org/15209
Submitter: Nischal Sheth (<email address hidden>)