Marcus Meissner
f8f6f6eb79
scenario due to RIB revalidation (CVE-2024-55553,bsc#1235237) and other fixes, see https://frrouting.org/release/10.2.1/ The 10.2 version provides new features and many enhancements, see https://frrouting.org/release/10.2/ - Add new fpm_listener daemon binary to rpm file lists. - Remove --localstatedir configure parameter causing to use /run/lib instead of /var/lib prefix for the northbound databases and added the /var/lib/frr directory to the rpm file list. - Adjust to set permissions in rpm attr macros (rpmlint suggestion) and use frr_group instead of frr_user in group parameter. OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=81
30 lines
1.0 KiB
Diff
30 lines
1.0 KiB
Diff
From a6c5ef48cb086b94a5b911af4ee9f675213fb14b Mon Sep 17 00:00:00 2001
|
|
From: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Date: Sun, 20 Aug 2023 22:15:27 +0300
|
|
Upstream: yes
|
|
References: CVE-2023-41360,bsc#1214739,https://github.com/FRRouting/frr/pull/14245
|
|
Subject: [PATCH] bgpd: Don't read the first byte of ORF header if we are ahead
|
|
of stream
|
|
|
|
Reported-by: Iggy Frankovic iggyfran@amazon.com
|
|
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Signed-off-by: Marius Tomaschewski <mt@suse.com>
|
|
|
|
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
|
|
index 72d6a92317..4947dbc21d 100644
|
|
--- a/bgpd/bgp_packet.c
|
|
+++ b/bgpd/bgp_packet.c
|
|
@@ -2375,7 +2375,8 @@ static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
|
|
* and 7 bytes of ORF Address-filter entry from
|
|
* the stream
|
|
*/
|
|
- if (*p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
|
|
+ if (p_pnt < p_end &&
|
|
+ *p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
|
|
if (bgp_debug_neighbor_events(peer))
|
|
zlog_debug(
|
|
"%pBP rcvd Remove-All pfxlist ORF request",
|
|
--
|
|
2.35.3
|
|
|