Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
frr.31378
0003-babeld-fix-10487-by-adding-a-check-on-pack...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch of Package frr.31378
From 50044ec7fe129e0a74d3a679dd29fe17ce30e6bf Mon Sep 17 00:00:00 2001 From: whichbug <whichbug@github.com> Date: Thu, 3 Feb 2022 12:01:31 -0500 Upstream: yes References: bsc#1196503,CVE-2022-26127 Subject: [PATCH] babeld: fix #10487 by adding a check on packet length The body length of a packet should satisfy the condition: packetlen >= bodylen + 4. Otherwise, heap overflows may happen. Signed-off-by: whichbug <whichbug@github.com> diff --git a/babeld/message.c b/babeld/message.c index 5c2e29d8b..3a29b6a60 100644 --- a/babeld/message.c +++ b/babeld/message.c @@ -288,13 +288,18 @@ channels_len(unsigned char *channels) static int babel_packet_examin(const unsigned char *packet, int packetlen) { - unsigned i = 0, bodylen; + int i = 0, bodylen; const unsigned char *message; unsigned char type, len; if(packetlen < 4 || packet[0] != 42 || packet[1] != 2) return 1; DO_NTOHS(bodylen, packet + 2); + if(bodylen + 4 > packetlen) { + debugf(BABEL_DEBUG_COMMON, "Received truncated packet (%d + 4 > %d).", + bodylen, packetlen); + return 1; + } while (i < bodylen){ message = packet + 4 + i; type = message[0]; @@ -366,12 +371,6 @@ parse_packet(const unsigned char *from, struct interface *ifp, DO_NTOHS(bodylen, packet + 2); - if(bodylen + 4 > packetlen) { - flog_err(EC_BABEL_PACKET, "Received truncated packet (%d + 4 > %d).", - bodylen, packetlen); - bodylen = packetlen - 4; - } - i = 0; while(i < bodylen) { message = packet + 4 + i; -- 2.34.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor