bgpd: malformed attribute error that can still proceed should fixup getp
* bgp_attr.c: (bgp_attr_malformed) When a malformed attribute error can be
ignored, and BGP message processing may still proceed, the stream getp
should be adjusted to the end of the attribute - the caller may not have
consumed all the attribute. Problem noted by Martin Winter in bug 678.
Also, rename the 'startp' local to 'notify_datap', for clarity.
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index b02cfee..d204cec 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -719,17 +719,24 @@
* send the attribute data with the NOTIFY depends on the error,
* the caller therefore signals this with the seperate length argument
*/
- u_char *startp = (length > 0 ? args->startp : NULL);
+ u_char *notify_datap = (length > 0 ? args->startp : NULL);
/* Only relax error handling for eBGP peers */
if (peer_sort (peer) != BGP_PEER_EBGP)
{
bgp_notify_send_with_data (peer, BGP_NOTIFY_UPDATE_ERR, subcode,
- startp, length);
+ notify_datap, length);
return BGP_ATTR_PARSE_ERROR;
}
+ /* Adjust the stream getp to the end of the attribute, in case we can
+ * still proceed but the caller hasn't read all the attribute.
+ */
+ stream_set_getp (BGP_INPUT (peer),
+ (args->startp - STREAM_DATA (BGP_INPUT (peer)))
+ + args->total);
+
switch (args->type) {
/* where an optional attribute is inconsequential, e.g. it does not affect
* route selection, and can be safely ignored then any such attributes
@@ -756,7 +763,7 @@
case BGP_ATTR_MP_UNREACH_NLRI:
case BGP_ATTR_EXT_COMMUNITIES:
bgp_notify_send_with_data (peer, BGP_NOTIFY_UPDATE_ERR, subcode,
- startp, length);
+ notify_datap, length);
return BGP_ATTR_PARSE_ERROR;
}