diff --git a/src/cntlr_tlv.c b/src/cntlr_tlv.c index 95011b88efffb63367f1f390e00e2068e1b45015..53032af3ca59efa321895cbfb06a1ee3735abc90 100644 --- a/src/cntlr_tlv.c +++ b/src/cntlr_tlv.c @@ -1716,9 +1716,10 @@ int cntlr_gen_agent_list_tlv(struct controller *c, struct cmdu_buff *frm) struct tlv_agent_list *tlv_data; struct node *n; int i; + const uint16_t max_tlv_len = 512; dbg("%s: --->\n", __func__); - t = cmdu_reserve_tlv(frm, 512); + t = cmdu_reserve_tlv(frm, max_tlv_len); if (!t) return -1; @@ -1732,6 +1733,9 @@ int cntlr_gen_agent_list_tlv(struct controller *c, struct cmdu_buff *frm) t->len = sizeof(tlv_data->num_agent) + tlv_data->num_agent * sizeof(tlv_data->agent[0]); + if (t->len > max_tlv_len) + return -1; + i = 0; list_for_each_entry(n, &c->nodelist, list) { dbg("\tagent[%d]:\n", i);