From: Andreas Jaggi <aj@open.ch>
Date: Mon, 2 Oct 2017 19:38:43 +0530
Subject: bgpd: Fix AS_PATH size calculation for long paths
Origin: http://git.savannah.gnu.org/cgit/quagga.git/commit?id=7a42b78be9a4108d98833069a88e6fddb9285008
Bug-Debian: https://bugs.debian.org/879474
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16227

If you have an AS_PATH with more entries than
what can be written into a single AS_SEGMENT_MAX
it needs to be broken up.  The code that noticed
that the AS_PATH needs to be broken up was not
correctly calculating the size of the resulting
message.  This patch addresses this issue.
---
 bgpd/bgp_aspath.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/bgpd/bgp_aspath.c
+++ b/bgpd/bgp_aspath.c
@@ -903,7 +903,7 @@ aspath_put (struct stream *s, struct asp
               assegment_header_put (s, seg->type, AS_SEGMENT_MAX);
               assegment_data_put (s, seg->as, AS_SEGMENT_MAX, use32bit);
               written += AS_SEGMENT_MAX;
-              bytes += ASSEGMENT_SIZE (written, use32bit);
+              bytes += ASSEGMENT_SIZE (AS_SEGMENT_MAX, use32bit);
             }
           
           /* write the final segment, probably is also the first */