From 73416eacb164236a8ec38d06fdfff1cf613a6dfd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jason=20K=C3=B6lker?= <jason@koelker.net>
Date: Tue, 26 Jan 2016 05:01:57 +0000
Subject: [PATCH] packet/bgp: Gaurd against extra data in the buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

While attempting to peer with a vendor switch, parsing its
BGPOptParamCapabilityGracefulRestart excepted due to the length of the
identifier tuples not being a multiple of 4 octets.

It appears that this might be common as other implementations also stop
when the buffer is < 4.

Signed-off-by: Jason Kölker <jason@koelker.net>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
---
 ryu/lib/packet/bgp.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ryu/lib/packet/bgp.py b/ryu/lib/packet/bgp.py
index cad43806..1038b5e3 100644
--- a/ryu/lib/packet/bgp.py
+++ b/ryu/lib/packet/bgp.py
@@ -1270,7 +1270,7 @@ class BGPOptParamCapabilityGracefulRestart(_OptParamCapability):
         (restart, ) = struct.unpack_from(cls._CAP_PACK_STR, six.binary_type(buf))
         buf = buf[2:]
         l = []
-        while len(buf) > 0:
+        while len(buf) >= 4:
             l.append(struct.unpack_from("!HBB", buf))
             buf = buf[4:]
         return {'flags': restart >> 12, 'time': restart & 0xfff, 'tuples': l}