File quagga-11-CVE-2022-37032_bsc1202023.patch of Package quagga

Overview Repositories Revisions Requests Users Attributes Meta

File quagga-11-CVE-2022-37032_bsc1202023.patch of Package quagga

From 53bfb6559a8c325d289e70ecaa6a191017f2ff3e Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.com>
Date: Mon, 9 Sep 2024 14:45:32 +0200
Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
 expected
References: CVE-2022-37032,bsc#1202023

Backported CVE-2022-37032,bsc#1202023 fix:

- commit db057ef0e31ac2c7653e8a9b108c7904a798553b
  from https://github.com/FRRouting/frr/pull/12080
  ```
  Author: Donald Sharp <sharpd@nvidia.com>
  Subject: bgpd: Make sure hdr length is at a minimum of what is expected

Ensure that if the capability length specified is enough data.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>
  (cherry picked from commit ff6db1027f8f36df657ff2e5ea167773752537ed)
  ```

Signed-off-by: Marius Tomaschewski <mt@suse.com>

diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index 9b064003..b8190c6f 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -2278,6 +2278,14 @@ bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length)
 	zlog_debug ("%s CAPABILITY has action: %d, code: %u, length %u",
 		   peer->host, action, hdr->code, hdr->length);
 
+      if (hdr->length < sizeof(struct capability_mp_data))
+        {
+          zlog_info("%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
+                    peer, sizeof(struct capability_mp_data),
+	            hdr->length);
+          return -1;
+        }
+
       /* Capability length check. */
       if ((pnt + hdr->length + 3) > end)
         {
-- 
2.43.0

Places

File quagga-11-CVE-2022-37032_bsc1202023.patch of Package quagga

Places