From f3f62318e20e569c7f1161a07461383652aab0a0 Mon Sep 17 00:00:00 2001
From: Richard Cochran
Date: Tue, 7 Aug 2012 21:26:16 +0200
Subject: [PATCH] Enforce a length limit on an incoming path trace list.
Signed-off-by: Richard Cochran
---
 tlv.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/tlv.c b/tlv.c
index 0cf9764..bde00d6 100644
--- a/tlv.c
+++ b/tlv.c
@@ -24,6 +24,7 @@ void tlv_post_recv(struct TLV *tlv)
 {
 struct management_tlv *mgt;
 struct management_error_status *mes;
+ struct path_trace_tlv *ptt;
 switch (tlv->type) {
 case TLV_MANAGEMENT:
@@ -40,7 +41,13 @@ void tlv_post_recv(struct TLV *tlv)
 case TLV_GRANT_UNICAST_TRANSMISSION:
 case TLV_CANCEL_UNICAST_TRANSMISSION:
 case TLV_ACKNOWLEDGE_CANCEL_UNICAST_TRANSMISSION:
+ break;
 case TLV_PATH_TRACE:
+ ptt = (struct path_trace_tlv *) tlv;
+ if (path_length(ptt) > PATH_TRACE_MAX) {
+ ptt->length = PATH_TRACE_MAX * sizeof(struct ClockIdentity);
+ }
+ break;
 case TLV_ALTERNATE_TIME_OFFSET_INDICATOR:
 case TLV_AUTHENTICATION:
 case TLV_AUTHENTICATION_CHALLENGE:
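Review bot: The new `TLV_PATH_TRACE` case bounds the list from above only, and does so silently: an over-long list from the wire is truncated by rewriting `ptt->length` in the received buffer, with no log line and no signal to the caller, since `tlv_post_recv()` returns void. Nothing visible in the hunk checks that the advertised length fits within the bytes actually received, or that it is a whole multiple of `sizeof(struct ClockIdentity)`; if the caller does not already validate that, the check belongs next to this one. Truncation also means any later consumer of the list (presumably loop detection) sees fewer identities than the sender put there, so rejecting the message may be the safer policy, which would need this function to return a status. At minimum, document the choice with a comment such as `/* Over-long list from the wire: truncate to PATH_TRACE_MAX entries; the caller is not told. */`. The function body starts and ends outside the hunk.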