isisd: fix memory-related issues and RFC-violations #20333
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit fix several issues in isis_tlvs.c including potential memory leak, unsigned integer underflow, and RFC violations. 1. In function `unpack_item_ext_subtlv_asla`, add `XFREE` for alsa in multiple error branches. 2. In function `unpack_item_ext_subtlv_asla`, add a check before subtracting `subsubtlv_len` from `readable`, because some case branches do not have checks against `subsubtlv_len`. 3. In function `unpack_item_ext_subtlv_asla` and `unpack_item_ext_subtlvs`, add a check to skip remaining bytes if `subtlv_len` or `subsubtlv_len` is not divisible by 4. This check is to make sure that the buffer sync with `sum`. 4. In function `unpack_tlv_router_cap`, free the previous `rcap->fads[fad->fad.algorithm]` if the slot is already allocated to prevent memory leak. 5. In function `unpack_subsubtlv_srv6_sid_structure`, add a check that four sizes' sum must be less than or equal to 128, as RFC stated. Signed-off-by: spademomo <realdingzhen@proton.me>
donaldsharp
reviewed
Dec 27, 2025
Member
|
while you are in there fix the verify source issue pointed out as well. All of this looks pretty reasonable otherwise |
Signed-off-by: spademomo <realdingzhen@proton.me>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit fix several issues in isis_tlvs.c including potential memory leak, unsigned integer underflow, and RFC violations.
unpack_item_ext_subtlv_asla, addXFREEfor alsa in multiple error branches.unpack_item_ext_subtlv_asla, add a check before subtractingsubsubtlv_lenfromreadable, because some case branches do not have checks againstsubsubtlv_len.unpack_item_ext_subtlv_aslaandunpack_item_ext_subtlvs, add a check to skip remaining bytes ifsubtlv_lenorsubsubtlv_lenis not divisible by 4. This check is to make sure that the buffer sync withsum.unpack_tlv_router_cap, free the previousrcap->fads[fad->fad.algorithm]if the slot is already allocated to prevent memory leak.unpack_subsubtlv_srv6_sid_structure, add a check that four sizes' sum must be less than or equal to 128, as RFC stated.