pool/frr
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0d23942aca
frr/0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch
Erico Mendonca 0d23942aca - Update to version 10.0.1 from official sources. 
- Clean slate: removing all previous patches.
- The following patches were obsoleted:
  - 0001-disable-zmq-test.patch
  - harden_frr.service.patch
  - 0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch
  - 0004-tools-remove-backslash-from-declare-check-regex.patch
  - 0005-root-ok-in-account-frr.pam.patch
  - 0006-bgpd-Check-7-bytes-for-Long-lived-Graceful-Restart-c.patch
  - 0007-bgpd-Ensure-stream-received-has-enough-data.patch
  - 0008-bgpd-Don-t-read-the-first-byte-of-ORF-header-if-we-a.patch
  - 0009-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch
  - 0010-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch
  - 0011-babeld-fix-11808-to-avoid-infinite-loops.patch
  - 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch
  - 0013-bgpd-Check-mandatory-attributes-more-carefully-for-U.patch
  - 0014-bgpd-Handle-MP_REACH_NLRI-malformed-packets-with-ses.patch
  - 0015-bgpd-Treat-EOR-as-withdrawn-to-avoid-unwanted-handli.patch
  - 0016-bgpd-Ignore-handling-NLRIs-if-we-received-MP_UNREACH.patch
  - 0017-bgpd-Fix-use-beyond-end-of-stream-of-labeled-unicast.patch
  - 0018-bgpd-Flowspec-overflow-issue.patch
  - 0019-bgpd-fix-error-handling-when-receiving-BGP-Prefix-SID-attribute.patch
  - 0020-ospfd-Solved-crash-in-OSPF-TE-parsing.patch
  - 0021-ospfd-Solved-crash-in-RI-parsing-with-OSPF-TE.patch
  - 0022-ospfd-Correct-Opaque-LSA-Extended-parser.patch
  - 0023-ospfd-protect-call-to-get_edge-in-ospf_te.c.patch

OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=69
2024-08-08 12:14:43 +00:00

38 lines
1.2 KiB
Diff
Raw Blame History

From 168204de6371f594c4f1ebac30ca3e181a851e39 Mon Sep 17 00:00:00 2001
From: Donald Sharp <sharpd@nvidia.com>
Date: Wed, 5 Apr 2023 14:57:05 -0400
Subject: [PATCH] bgpd: Limit flowspec to no attribute means a implicit
withdrawal
Upsteam: yes
References: CVE-2023-41909,bsc#1215065,https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8
All other parsing functions done from bgp_nlri_parse() assume
no attributes == an implicit withdrawal. Let's move
bgp_nlri_parse_flowspec() into the same alignment.
Reported-by: Matteo Memelli <mmemelli@amazon.it>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Signed-off-by: Marius Tomaschewski <mt@suse.com>
diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
index 39c0cfe514..fe1f0d50f8 100644
--- a/bgpd/bgp_flowspec.c
+++ b/bgpd/bgp_flowspec.c
@@ -112,6 +112,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
afi = packet->afi;
safi = packet->safi;
+ /*
+ * All other AFI/SAFI's treat no attribute as a implicit
+ * withdraw. Flowspec should as well.
+ */
+ if (!attr)
+ withdraw = 1;
+
if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
flog_err(EC_BGP_FLOWSPEC_PACKET,
"BGP flowspec nlri length maximum reached (%u)",
--
2.35.3
Reference in New Issue View Git Blame Copy Permalink