Resolves: RHEL-2216 - NULL pointer dereference
This commit is contained in:
Michal Ruprich
parent
2c64b7c6a1
commit
64f48ec67f
34
0026-CVE-2023-41909.patch
Normal file
34
0026-CVE-2023-41909.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From cfd04dcb3e689754a72507d086ba3b9709fc5ed8 Mon Sep 17 00:00:00 2001
|
||||
From: Donald Sharp <sharpd@nvidia.com>
|
||||
Date: Wed, 5 Apr 2023 14:57:05 -0400
|
||||
Subject: [PATCH] bgpd: Limit flowspec to no attribute means a implicit
|
||||
withdrawal
|
||||
|
||||
All other parsing functions done from bgp_nlri_parse() assume
|
||||
no attributes == an implicit withdrawal. Let's move
|
||||
bgp_nlri_parse_flowspec() into the same alignment.
|
||||
|
||||
Reported-by: Matteo Memelli <mmemelli@amazon.it>
|
||||
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
||||
---
|
||||
bgpd/bgp_flowspec.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
|
||||
index f9debe43cd45..5e1be21402dc 100644
|
||||
--- a/bgpd/bgp_flowspec.c
|
||||
+++ b/bgpd/bgp_flowspec.c
|
||||
@@ -98,6 +98,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
|
||||
afi = packet->afi;
|
||||
safi = packet->safi;
|
||||
|
||||
+ /*
|
||||
+ * All other AFI/SAFI's treat no attribute as a implicit
|
||||
+ * withdraw. Flowspec should as well.
|
||||
+ */
|
||||
+ if (!attr)
|
||||
+ withdraw = 1;
|
||||
+
|
||||
if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
|
||||
flog_err(EC_BGP_FLOWSPEC_PACKET,
|
||||
"BGP flowspec nlri length maximum reached (%u)",
|
||||
6
frr.spec
6
frr.spec
@ -7,7 +7,7 @@
|
||||
|
||||
Name: frr
|
||||
Version: 7.5.1
|
||||
Release: 20%{?checkout}%{?dist}
|
||||
Release: 21%{?checkout}%{?dist}
|
||||
Summary: Routing daemon
|
||||
License: GPLv2+
|
||||
URL: http://www.frrouting.org
|
||||
@ -65,6 +65,7 @@ Patch0022: 0022-route-map-event.patch
|
||||
Patch0023: 0023-CVE-2023-46752.patch
|
||||
Patch0024: 0024-CVE-2023-46753.patch
|
||||
Patch0025: 0025-CVE-2023-31490.patch
|
||||
Patch0026: 0026-CVE-2023-41909.patch
|
||||
|
||||
%description
|
||||
FRRouting is free software that manages TCP/IP based routing protocols. It takes
|
||||
@ -285,6 +286,9 @@ make check PYTHON=%{__python3}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Feb 07 2024 Michal Ruprich <mruprich@redhat.com> - 7.5.1-21
|
||||
- Resolves: RHEL-2216 - NULL pointer dereference
|
||||
|
||||
* Wed Feb 07 2024 Michal Ruprich <mruprich@redhat.com> - 7.5.1-20
|
||||
- Resolves: RHEL-4797 - missing length check in bgp_attr_psid_sub() can lead do DoS
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user