Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:Update
frr.31712
0018-bgpd-Flowspec-overflow-issue.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0018-bgpd-Flowspec-overflow-issue.patch of Package frr.31712
From d4ead6bc0b2f0d4682661837d202502127060476 Mon Sep 17 00:00:00 2001 From: Donald Sharp <sharpd@nvidia.com> Date: Thu, 23 Feb 2023 13:29:32 -0500 Subject: [PATCH] bgpd: Flowspec overflow issue Upstream: yes CVE-2023-38406,bsc#1216900,https://github.com/FRRouting/frr/pull/12884/commits/0b999c886e241c52bd1f7ef0066700e4b618ebb3 According to the flowspec RFC 8955 a flowspec nlri is <length, <nlri data>> Specifying 0 as a length makes BGP get all warm on the inside. Which in this case is not a good thing at all. Prevent warmth, stay cold on the inside. Reported-by: Iggy Frankovic <iggyfran@amazon.com> Signed-off-by: Donald Sharp <sharpd@nvidia.com> Signed-off-by: Marius Tomaschewski <mt@suse.com> diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c index fe1f0d50f8..98ec1ed073 100644 --- a/bgpd/bgp_flowspec.c +++ b/bgpd/bgp_flowspec.c @@ -148,6 +148,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, psize); return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; } + + if (psize == 0) { + flog_err(EC_BGP_FLOWSPEC_PACKET, + "Flowspec NLRI length 0 which makes no sense"); + return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; + } + if (bgp_fs_nlri_validate(pnt, psize, afi) < 0) { flog_err( EC_BGP_FLOWSPEC_PACKET, -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor