Resolves: #2128738 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
This commit is contained in:
Michal Ruprich
parent
9d939262e3
commit
12f2cdf8ce
|
|
@ -0,0 +1,32 @@
|
|||
From ff6db1027f8f36df657ff2e5ea167773752537ed Mon Sep 17 00:00:00 2001
|
||||
From: Donald Sharp <sharpd@nvidia.com>
|
||||
Date: Thu, 21 Jul 2022 08:11:58 -0400
|
||||
Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
|
||||
expected
|
||||
|
||||
Ensure that if the capability length specified is enough data.
|
||||
|
||||
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
||||
---
|
||||
bgpd/bgp_packet.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
|
||||
index dbf6c0b2e99..45752a8ab6d 100644
|
||||
--- a/bgpd/bgp_packet.c
|
||||
+++ b/bgpd/bgp_packet.c
|
||||
@@ -2620,6 +2620,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
||||
"%s CAPABILITY has action: %d, code: %u, length %u",
|
||||
peer->host, action, hdr->code, hdr->length);
|
||||
|
||||
+ if (hdr->length < sizeof(struct capability_mp_data)) {
|
||||
+ zlog_info(
|
||||
+ "%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
|
||||
+ peer, sizeof(struct capability_mp_data),
|
||||
+ hdr->length);
|
||||
+ return BGP_Stop;
|
||||
+ }
|
||||
+
|
||||
/* Capability length check. */
|
||||
if ((pnt + hdr->length + 3) > end) {
|
||||
zlog_info("%s Capability length error", peer->host);
|
||||
6
frr.spec
6
frr.spec
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
Name: frr
|
||||
Version: 8.3.1
|
||||
Release: 1%{?checkout}%{?dist}
|
||||
Release: 2%{?checkout}%{?dist}
|
||||
Summary: Routing daemon
|
||||
License: GPLv2+
|
||||
URL: http://www.frrouting.org
|
||||
|
|
@ -69,6 +69,7 @@ Patch0003: 0003-disable-eigrp-crypto.patch
|
|||
Patch0004: 0004-fips-mode.patch
|
||||
Patch0005: 0005-ospf-api.patch
|
||||
Patch0006: 0006-graceful-restart.patch
|
||||
Patch0007: 0007-cve-2022-37032.patch
|
||||
|
||||
%description
|
||||
FRRouting is free software that manages TCP/IP based routing protocols. It takes
|
||||
|
|
@ -274,6 +275,9 @@ make check PYTHON=%{__python3}
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Oct 17 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-2
|
||||
- Resolves: #2128738 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
|
||||
|
||||
* Thu Oct 13 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1
|
||||
- Resolves: #2129731 - Rebase FRR to the latest version
|
||||
- Resolves: #2129743 - Add targeted SELinux policy for FRR
|
||||
|
|
|
|||
Loading…
Reference in New Issue