On Mon, Oct 23, 2023 at 12:50:39PM +0200, Claudio Jeker wrote:
> So flowspec_get_addr() in the IPv6 case is utterly complicated.

Indeed. It would probably be worthwhile to add a bit of regress exercising the branches of this function. > Since matching can be done on some sub-part of the prefix. > So there is this shift_right() call that moves takes care of this special > offset. > > Now the shift_right call uses *olen but should actually use xoff instead. > *olen is set much later in the code. much = 3 lines? :) > This should fix: > https://github.com/openbgpd-portable/openbgpd-portable/security/code-scanning/2 Indeed. ok > -- > :wq Claudio > > Index: flowspec.c > =================================================================== > RCS file: /cvs/src/usr.sbin/bgpd/flowspec.c,v > retrieving revision 1.4 > diff -u -p -r1.4 flowspec.c > --- flowspec.c 19 Apr 2023 09:31:58 -0000 1.4 > +++ flowspec.c 23 Oct 2023 10:44:22 -0000 > @@ -366,7 +366,7 @@ flowspec_get_addr(const uint8_t *flow, i > if (extract_prefix(comp + 2, complen - 2, buf, xlen, > sizeof(buf)) == -1) > return -1; > - shift_right(addr->v6.s6_addr, buf, *olen, xlen); > + shift_right(addr->v6.s6_addr, buf, xoff, xlen); > *plen = comp[0]; > if (olen != NULL) > *olen = comp[1]; >
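
Review bot: the new shift_right() argument xoff has no assignment or range check visible in this hunk's context, so please confirm it is set from the offset byte (comp[1]) and validated against xlen and sizeof(buf) before the call. The removed line read *olen ahead of the "if (olen != NULL)" guard three lines below and before "*olen = comp[1]" assigned it, so it could dereference a NULL pointer or shift by a stale caller value; switching to a local is the right direction. A regress case for an IPv6 component with a non-zero offset, plus one where the caller passes olen == NULL, would pin this branch down, and a one-line comment at the call saying that xoff is the prefix offset in bits would help the next reader.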