Merge pull request #20222 from opensourcerouting/fix/backport_sw_version_capability_10.4

donaldsharp · web-flow · commit f467e9553ee9 · 2025-12-09T08:57:31.000-05:00
bgpd: Handle new encoding for software version capability (backport)
diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
@@ -971,11 +971,22 @@ static int bgp_capability_software_version(struct peer *peer,
 					   struct capability_header *hdr)
 {
 	struct stream *s = BGP_INPUT(peer);
+	struct stream *dup = stream_dup(s);
 	char str[BGP_MAX_SOFT_VERSION + 1];
 	size_t end = stream_get_getp(s) + hdr->length;
-	uint8_t len;
+	uint8_t len = hdr->length;
+	uint8_t cap_value_len_field = stream_getc(dup) + 1;
+
+	/* For backward compatibility.
+	 * Older draft versions defined the length field inside
+	 * the capability's value. Newer versions use just the capability's
+	 * length which is hdr->length.
+	 */
+	if (cap_value_len_field == len)
+		len = stream_getc(s);
+
+	stream_free(dup);
 
-	len = stream_getc(s);
 	if (stream_get_getp(s) + len > end) {
 		flog_warn(
 			EC_BGP_CAPABILITY_INVALID_DATA,
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
@@ -3693,16 +3693,33 @@ static void bgp_dynamic_capability_software_version(uint8_t *pnt, int action,
 {
 	uint8_t *data = pnt + 3;
 	uint8_t *end = data + hdr->length;
-	uint8_t len = *data;
+	uint8_t len = hdr->length;
+	uint8_t cap_value_len_field = *data + 1;
 	char soft_version[BGP_MAX_SOFT_VERSION + 1] = {};
 
 	if (action == CAPABILITY_ACTION_SET) {
-		if (data + len + 1 > end) {
-			zlog_err("%pBP: Received invalid Software Version capability length %d",
-				 peer, len);
-			return;
+		/* For backward compatibility.
+		 * Older draft versions defined the length field inside
+		 * the capability's value. Newer versions use just the
+		 * capability's length which is hdr->length.
+		 */
+		if (cap_value_len_field == len) {
+			len = *data;
+
+			if (data + len + 1 > end) {
+				zlog_err("%pBP: Received invalid Software Version capability length %d",
+					 peer, len);
+				return;
+			}
+
+			data++;
+		} else {
+			if (data + len > end) {
+				zlog_err("%pBP: Received invalid Software Version capability length %d",
+					 peer, len);
+				return;
+			}
 		}
-		data++;
 
 		if (len > BGP_MAX_SOFT_VERSION)
 			len = BGP_MAX_SOFT_VERSION;
