rpm/frr
SHA256
1
0
Fork 0
forked from pool/frr
Code Pull Requests Activity
728032ef78
frr/0008-bgpd-Don-t-read-the-first-byte-of-ORF-header-if-we-a.patch
Martin Hauke fbadf37a51 Accepting request 1108163 from home:mtomaschewski:frr 
- Removed protobuf-c BuildRequires (source package name) breaking
  build-system setup with libprotobuf-c-devel 1.3.2 updates.
- Apply upstream fix for bgpd: Don't read initial byte of the ORF
  header in an ahead-of-stream situation (CVE-2023-41360,
  bsc#1214739,https://github.com/FRRouting/frr/pull/14245)
  [+ 0008-bgpd-Don-t-read-the-first-byte-of-ORF-header-if-we-a.patch]
- Apply upstream fix for bgpd: Do not process NLRIs if the attribute
  length is zero (CVE-2023-41358,bsc#1214735,
  https://github.com/FRRouting/frr/pull/14260)
  [+ 0009-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch]
- Apply upstream fix bgpd: Use treat-as-withdraw for tunnel encapsulation
  attribute instead of session reset (CVE-2023-38802,bsc#1213284,
  https://github.com/FRRouting/frr/pull/14290)
  [+ 0010-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch]
- Apply upstream fix babeld: avoid infinite loops (CVE-2023-3748,bsc#1213434,
  gh#FRRouting/frr#11808,https://github.com/FRRouting/frr/pull/12952)
  [+ 0011-babeld-fix-11808-to-avoid-infinite-loops.patch]

OBS-URL: https://build.opensuse.org/request/show/1108163
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=51
2023-09-03 14:42:25 +00:00

30 lines
1.0 KiB
Diff
Raw Blame History

From a6c5ef48cb086b94a5b911af4ee9f675213fb14b Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Sun, 20 Aug 2023 22:15:27 +0300
Upstream: yes
References: CVE-2023-41360,bsc#1214739,https://github.com/FRRouting/frr/pull/14245
Subject: [PATCH] bgpd: Don't read the first byte of ORF header if we are ahead
of stream
Reported-by: Iggy Frankovic iggyfran@amazon.com
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Signed-off-by: Marius Tomaschewski <mt@suse.com>
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index 72d6a92317..4947dbc21d 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -2375,7 +2375,8 @@ static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
* and 7 bytes of ORF Address-filter entry from
* the stream
*/
- if (*p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
+ if (p_pnt < p_end &&
+ *p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
if (bgp_debug_neighbor_events(peer))
zlog_debug(
"%pBP rcvd Remove-All pfxlist ORF request",
--
2.35.3
View Git Blame Copy Permalink