jech / babeld

The Babel routing daemon
http://www.irif.fr/~jch/software/babel/
MIT License

incorrect checkings in babel #107

Closed zmw12306 closed 1 year ago

zmw12306 commented 1 year ago

https://github.com/jech/babeld/blob/b20b3d2afe10d2ad77ec9fd9e676f683590d00d4/message.c#L451 should check i+2 > bodylen

Also, https://github.com/jech/babeld/blob/b20b3d2afe10d2ad77ec9fd9e676f683590d00d4/message.c#L618 When receiving a truncated packet, consider returning an error directly.

Thanks

jech commented 1 year ago

> should check i+2 > bodylen

Thanks, fixed in 417024f

> When receiving a truncated packet, consider returning an error directly.

Yes, that would be a reasonable thing to do. What we do now is that we act upon the uncorrupted part of the packet. I don't think it matters much.
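
The two points raised in this thread, as an added example that is not babeld's code: a type/length/value walker that confirms both header bytes are present before reading the length byte (the `i+2 > bodylen` check), and a hypothetical `strict` flag that selects between rejecting a truncated packet and acting on the part parsed so far. The names `walk_tlvs` and `strict` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define TLV_PAD1 0  /* Babel Pad1: a single type byte with no length field */

/* Walk a Babel-style TLV body (type, length, value).
   Returns the number of complete non-Pad1 TLVs seen.
   On truncation: strict != 0 returns -1 (reject the whole packet),
   strict == 0 stops and returns the count parsed so far. */
int walk_tlvs(const unsigned char *body, size_t bodylen, int strict)
{
    size_t i = 0;
    int count = 0;

    while(i < bodylen) {
        unsigned char type = body[i];
        size_t len;

        if(type == TLV_PAD1) {
            i++;
            continue;
        }
        /* Both header bytes must exist before body[i + 1] is read. */
        if(i + 2 > bodylen)
            return strict ? -1 : count;
        len = body[i + 1];
        /* The value must fit in the bytes that remain. */
        if(i + 2 + len > bodylen)
            return strict ? -1 : count;
        count++;
        i += 2 + len;
    }
    return count;
}

/* Constructed sample inputs, not captured traffic. */
static const unsigned char sample_ok[] = { 4, 2, 0xAA, 0xBB, 0, 1, 0 };
static const unsigned char sample_cut_header[] = { 4, 2, 0xAA, 0xBB, 4 };
static const unsigned char sample_cut_value[] = { 4, 2, 0xAA, 0xBB, 4, 6, 0x01 };

int main(void)
{
    printf("ok: %d\n", walk_tlvs(sample_ok, sizeof(sample_ok), 1));
    printf("cut header, strict: %d\n",
           walk_tlvs(sample_cut_header, sizeof(sample_cut_header), 1));
    printf("cut value, lenient: %d\n",
           walk_tlvs(sample_cut_value, sizeof(sample_cut_value), 0));
    return 0;
}
```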