I believe there is a bug in bgp_attr.c at about line 1860.
The function is bgp_create_pdu(). This bit of code:

    p_total_attrib_len = cp;
    BGP_PUT_SHORT (0, cp);
    start_attr = cp;

doesn't check for the "overflow" state (which is checked
in previous and subsequent code blocks). As a result, this
code can advance cp beyond the maxend, and the program will bail out on a subsequent assert.
My solution for this (you may have a better one) is simply
to place an if ( !overflow ) { } around the offending block
of code.
I could generate a context diff if you prefer.
Cheers,
--steve
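
The failure described in the message above, as an added example that is not part of the original message and not the code in bgp_attr.c: a reduced model in which an earlier block sets overflow and the unguarded length-field write then moves cp past maxend. build_pdu, PUT_SHORT, the sizes and the extra room check in the guarded branch are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reduced model of a PDU builder; not the code in bgp_attr.c. */
#define PUT_SHORT(v, cp) do { (cp)[0] = (uint8_t)((v) >> 8); \
                              (cp)[1] = (uint8_t)(v); (cp) += 2; } while (0)

enum { BACKING = 64, ITEM_LEN = 5 };      /* constructed sizes */

/* Returns cp - maxend after building. A value > 0 means cp ran past the
 * logical limit, the condition a later assert would trip on.
 * limit must be <= BACKING - 2 so the demo never writes outside buf. */
static long build_pdu(size_t limit, int n_items, int guarded)
{
    uint8_t buf[BACKING] = {0};
    uint8_t *cp = buf, *maxend = buf + limit;
    int overflow = 0;

    /* Earlier block: overflow-aware, stops when the next item will not fit. */
    for (int i = 0; i < n_items; i++) {
        if (maxend - cp < ITEM_LEN) { overflow = 1; break; }
        memset(cp, 0xAA, ITEM_LEN);
        cp += ITEM_LEN;
    }

    /* The block from the report: reserve the 2-byte attribute length. */
    if (!guarded) {
        PUT_SHORT(0, cp);                 /* runs even when overflow is set */
    } else if (!overflow && maxend - cp >= 2) {
        PUT_SHORT(0, cp);                 /* room check is this model's addition */
    }
    return (long)(cp - maxend);
}

int main(void)
{
    /* limit 11, three 5-byte items: the third does not fit, overflow is set. */
    printf("unguarded: cp - maxend = %ld\n", build_pdu(11, 3, 0));
    printf("guarded:   cp - maxend = %ld\n", build_pdu(11, 3, 1));
    return 0;
}
```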