Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:Update
quagga.35806
Quagga-2018-1975-bdpd.bsc1079801.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Quagga-2018-1975-bdpd.bsc1079801.patch of Package quagga.35806
From c7c0e5df87ca427cb4d4721b11bd8e707f86420b Mon Sep 17 00:00:00 2001 From: Paul Jakma <paul@jakma.org> Date: Sat, 6 Jan 2018 21:20:51 +0000 Upstream: yes References: CVE-2018-5381,Quagga-2018-1975,bsc#1079801 Subject: bgpd/security: fix infinite loop on certain invalid OPEN messages Security issue: Quagga-2018-1975 See: https://www.quagga.net/security/Quagga-2018-1975.txt * bgpd/bgp_packet.c: (bgp_capability_msg_parse) capability parser can infinite loop due to checks that issue 'continue' without bumping the input pointer. --- bgpd/bgp_packet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c index f42e544b..56e27dc6 100644 --- a/bgpd/bgp_packet.c +++ b/bgpd/bgp_packet.c @@ -2251,7 +2251,8 @@ bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length) end = pnt + length; - while (pnt < end) + /* XXX: Streamify this */ + for (; pnt < end; pnt += hdr->length + 3) { /* We need at least action, capability code and capability length. */ if (pnt + 3 > end) @@ -2339,7 +2340,6 @@ bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length) zlog_warn ("%s unrecognized capability code: %d - ignored", peer->host, hdr->code); } - pnt += hdr->length + 3; } return 0; } -- 2.13.6
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor