SHA256
1
0
forked from pool/frr

Accepting request 1111550 from home:mtomaschewski:frr

- Apply upstream fix for NULL pointer dereference due to processing
  of malformed requests with no attributes in bgp_nlri_parse_flowspec
  (CVE-2023-41909,bsc#1215065,cfd04dcb3e).
  [+ 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch]

OBS-URL: https://build.opensuse.org/request/show/1111550
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=53
This commit is contained in:
Martin Hauke 2023-09-15 12:32:32 +00:00 committed by Git OBS Bridge
parent fbadf37a51
commit cee0900b9b
3 changed files with 47 additions and 0 deletions

View File

@ -0,0 +1,37 @@
From 168204de6371f594c4f1ebac30ca3e181a851e39 Mon Sep 17 00:00:00 2001
From: Donald Sharp <sharpd@nvidia.com>
Date: Wed, 5 Apr 2023 14:57:05 -0400
Subject: [PATCH] bgpd: Limit flowspec to no attribute means a implicit
withdrawal
Upsteam: yes
References: CVE-2023-41909,bsc#1215065,https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8
All other parsing functions done from bgp_nlri_parse() assume
no attributes == an implicit withdrawal. Let's move
bgp_nlri_parse_flowspec() into the same alignment.
Reported-by: Matteo Memelli <mmemelli@amazon.it>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Signed-off-by: Marius Tomaschewski <mt@suse.com>
diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
index 39c0cfe514..fe1f0d50f8 100644
--- a/bgpd/bgp_flowspec.c
+++ b/bgpd/bgp_flowspec.c
@@ -112,6 +112,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
afi = packet->afi;
safi = packet->safi;
+ /*
+ * All other AFI/SAFI's treat no attribute as a implicit
+ * withdraw. Flowspec should as well.
+ */
+ if (!attr)
+ withdraw = 1;
+
if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
flog_err(EC_BGP_FLOWSPEC_PACKET,
"BGP flowspec nlri length maximum reached (%u)",
--
2.35.3

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Sep 12 13:40:19 UTC 2023 - Marius Tomaschewski <mt@suse.com>
- Apply upstream fix for NULL pointer dereference due to processing
of malformed requests with no attributes in bgp_nlri_parse_flowspec
(CVE-2023-41909,bsc#1215065,https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8).
[+ 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch]
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 30 17:15:35 UTC 2023 - Marius Tomaschewski <mt@suse.com> Wed Aug 30 17:15:35 UTC 2023 - Marius Tomaschewski <mt@suse.com>

View File

@ -50,6 +50,7 @@ Patch8: 0008-bgpd-Don-t-read-the-first-byte-of-ORF-header-if-we-a.patch
Patch9: 0009-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch Patch9: 0009-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch
Patch10: 0010-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch Patch10: 0010-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch
Patch11: 0011-babeld-fix-11808-to-avoid-infinite-loops.patch Patch11: 0011-babeld-fix-11808-to-avoid-infinite-loops.patch
Patch12: 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: bison >= 2.7 BuildRequires: bison >= 2.7
@ -198,6 +199,7 @@ developing OSPF-API and frr applications.
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
%build %build
# GCC LTO objects must be "fat" to avoid assembly errors # GCC LTO objects must be "fat" to avoid assembly errors