Resolves: #2128738 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
This commit is contained in:
parent
9d939262e3
commit
12f2cdf8ce
32
0007-cve-2022-37032.patch
Normal file
32
0007-cve-2022-37032.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
From ff6db1027f8f36df657ff2e5ea167773752537ed Mon Sep 17 00:00:00 2001
|
||||||
|
From: Donald Sharp <sharpd@nvidia.com>
|
||||||
|
Date: Thu, 21 Jul 2022 08:11:58 -0400
|
||||||
|
Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
|
||||||
|
expected
|
||||||
|
|
||||||
|
Ensure that if the capability length specified is enough data.
|
||||||
|
|
||||||
|
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
||||||
|
---
|
||||||
|
bgpd/bgp_packet.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
|
||||||
|
index dbf6c0b2e99..45752a8ab6d 100644
|
||||||
|
--- a/bgpd/bgp_packet.c
|
||||||
|
+++ b/bgpd/bgp_packet.c
|
||||||
|
@@ -2620,6 +2620,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
||||||
|
"%s CAPABILITY has action: %d, code: %u, length %u",
|
||||||
|
peer->host, action, hdr->code, hdr->length);
|
||||||
|
|
||||||
|
+ if (hdr->length < sizeof(struct capability_mp_data)) {
|
||||||
|
+ zlog_info(
|
||||||
|
+ "%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
|
||||||
|
+ peer, sizeof(struct capability_mp_data),
|
||||||
|
+ hdr->length);
|
||||||
|
+ return BGP_Stop;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Capability length check. */
|
||||||
|
if ((pnt + hdr->length + 3) > end) {
|
||||||
|
zlog_info("%s Capability length error", peer->host);
|
6
frr.spec
6
frr.spec
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
Name: frr
|
Name: frr
|
||||||
Version: 8.3.1
|
Version: 8.3.1
|
||||||
Release: 1%{?checkout}%{?dist}
|
Release: 2%{?checkout}%{?dist}
|
||||||
Summary: Routing daemon
|
Summary: Routing daemon
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://www.frrouting.org
|
URL: http://www.frrouting.org
|
||||||
@ -69,6 +69,7 @@ Patch0003: 0003-disable-eigrp-crypto.patch
|
|||||||
Patch0004: 0004-fips-mode.patch
|
Patch0004: 0004-fips-mode.patch
|
||||||
Patch0005: 0005-ospf-api.patch
|
Patch0005: 0005-ospf-api.patch
|
||||||
Patch0006: 0006-graceful-restart.patch
|
Patch0006: 0006-graceful-restart.patch
|
||||||
|
Patch0007: 0007-cve-2022-37032.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
FRRouting is free software that manages TCP/IP based routing protocols. It takes
|
FRRouting is free software that manages TCP/IP based routing protocols. It takes
|
||||||
@ -274,6 +275,9 @@ make check PYTHON=%{__python3}
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 17 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-2
|
||||||
|
- Resolves: #2128738 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
|
||||||
|
|
||||||
* Thu Oct 13 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1
|
* Thu Oct 13 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1
|
||||||
- Resolves: #2129731 - Rebase FRR to the latest version
|
- Resolves: #2129731 - Rebase FRR to the latest version
|
||||||
- Resolves: #2129743 - Add targeted SELinux policy for FRR
|
- Resolves: #2129743 - Add targeted SELinux policy for FRR
|
||||||
|
Loading…
Reference in New Issue
Block a user