Dumb mistake from my side. The rtr_aspa struct is on the stack and only
covers that data up to the spas. The spas are a variable array and not
copied over. So access these from the buf.

Remove the trap of the 0 sized array in spas since it is now unused.
Not entirely happy about that but unless we trust the buf to be aligned
probably the best we can do.

-- 
:wq Claudio

Index: rtr_proto.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rtr_proto.c,v
retrieving revision 1.14
diff -u -p -r1.14 rtr_proto.c
--- rtr_proto.c 11 Mar 2023 10:04:59 -0000      1.14
+++ rtr_proto.c 17 Mar 2023 10:37:05 -0000
@@ -82,7 +82,6 @@ struct rtr_aspa {
        uint8_t         afi_flags;
        uint16_t        cnt;
        uint32_t        cas;
-       uint32_t        spas[0];
 };
 
 struct rtr_endofdata {
@@ -669,7 +668,10 @@ rtr_parse_aspa(struct rtr_session *rs, u
                        return -1;
                }
                for (i = 0; i < cnt; i++) {
-                       aspa->tas[i] = ntohl(rtr_aspa.spas[i]);
+                       uint32_t tas;
+                       memcpy(&tas, buf + offset + i * sizeof(tas),
+                           sizeof(tas));
+                       aspa->tas[i] = ntohl(tas);
                        aspa->tas_aid[i] = aid;
                }
        }
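Review bot: The loop now copies `cnt` 32-bit words from `buf + offset + i * sizeof(tas)`, and nothing visible in this hunk checks `offset + cnt * sizeof(uint32_t)` against the received PDU length. `cnt` presumably comes from the wire, so unless the `return -1` branch just above the loop is that check, a count larger than the PDU actually carries would make the memcpy read past the end of buf. rtr_parse_aspa starts and ends outside the hunk, so please confirm the length validation covers the whole SPAS array for the entries copied here. Copying into a local before ntohl() is the right way to handle a possibly unaligned buf; a short comment above the memcpy, such as `/* spas follow the fixed header in buf and may be unaligned */`, would record why the struct is no longer used.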
