From 1e47e4f6674b8156fed6efa602166d155c7734f7 Mon Sep 17 00:00:00 2001
From: ISHIDA Wataru <ishida.wataru@lab.ntt.co.jp>
Date: Thu, 26 May 2016 07:51:10 +0000
Subject: bgp: check buf length before parsing graceful-restart capability

Signed-off-by: ISHIDA Wataru <ishida.wataru@lab.ntt.co.jp>
---
 packet/bgp/bgp.go | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'packet/bgp/bgp.go')

diff --git a/packet/bgp/bgp.go b/packet/bgp/bgp.go
index 51453bb8..f89f547e 100644
--- a/packet/bgp/bgp.go
+++ b/packet/bgp/bgp.go
@@ -354,6 +354,9 @@ type CapGracefulRestart struct {
 func (c *CapGracefulRestart) DecodeFromBytes(data []byte) error {
 	c.DefaultParameterCapability.DecodeFromBytes(data)
 	data = data[2:]
+	if len(data) < 2 {
+		return NewMessageError(BGP_ERROR_OPEN_MESSAGE_ERROR, BGP_ERROR_SUB_UNSUPPORTED_CAPABILITY, nil, "Not all CapabilityGracefulRestart bytes available")
+	}
 	restart := binary.BigEndian.Uint16(data[0:2])
 	c.Flags = uint8(restart >> 12)
 	c.Time = restart & 0xfff
-- 
cgit v1.2.3