From e9097787102442d1db6e1ebfbe07140bf05318a2 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Wed, 21 Nov 2018 18:19:04 +0100 Subject: [PATCH] lldp: fix parsing of vlan-name attribute We used to read 3 bytes after the TLV, fix this. Also, check that string length is at most 32 bytes as specified in figure E.3 of IEEE 802.1AB-2009. Fixes: 18133ea1428648781dba74c26dd5d118e8d5ce33 https://bugzilla.redhat.com/show_bug.cgi?id=1652210 --- src/devices/nm-lldp-listener.c | 4 +++- src/devices/tests/test-lldp.c | 5 ++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/devices/nm-lldp-listener.c b/src/devices/nm-lldp-listener.c index f637825b5a..c0484ed30a 100644 --- a/src/devices/nm-lldp-listener.c +++ b/src/devices/nm-lldp-listener.c @@ -534,11 +534,13 @@ lldp_neighbor_new (sd_lldp_neighbor *neighbor_sd, GError **error) l = data8[2]; if (len != 3 + l) continue; + if (l > 32) + continue; _lldp_attr_set_uint32 (neigh->attrs, LLDP_ATTR_ID_IEEE_802_1_VID, _access_uint16 (&data8[0])); _lldp_attr_set_str_ptr (neigh->attrs, LLDP_ATTR_ID_IEEE_802_1_VLAN_NAME, - &data8[3], len); + &data8[3], l); break; } default: diff --git a/src/devices/tests/test-lldp.c b/src/devices/tests/test-lldp.c index c2ac8e19d3..7227d08264 100644 --- a/src/devices/tests/test-lldp.c +++ b/src/devices/tests/test-lldp.c @@ -219,11 +219,10 @@ TEST_RECV_FRAME_DEFINE (_test_recv_data1_frame0, 0x01, 0xe8, 0xfe, 0x07, 0x00, 0x80, 0xc2, 0x02, /* IEEE 802.1 - Port and Protocol VLAN ID */ 0x01, 0x00, 0x00, - 0xfe, 0x17, 0x00, 0x80, 0xc2, 0x03, /* IEEE 802.1 - VLAN Name */ - 0x01, 0xe8, 0x10, 0x76, 0x32, 0x2d, + 0xfe, 0x16, 0x00, 0x80, 0xc2, 0x03, /* IEEE 802.1 - VLAN Name */ + 0x01, 0xe8, 0x0f, 0x76, 0x32, 0x2d, 0x30, 0x34, 0x38, 0x38, 0x2d, 0x30, 0x33, 0x2d, 0x30, 0x35, 0x30, 0x35, - 0x00, 0xfe, 0x05, 0x00, 0x80, 0xc2, 0x04, /* IEEE 802.1 - Protocol Identity */ 0x00, 0x00, 0x00 /* End of LLDPDU */