File bug-718062_quagga-master-513254.patch of Package quagga.import5276

Overview Repositories Revisions Requests Users Attributes Meta

File bug-718062_quagga-master-513254.patch of Package quagga.import5276

commit d850aabc9bca322dd366d4d3ee2d82b4dddc96d6
Author: Denis Ovsienko <infrastation@yandex.ru>
Date:   Thu Sep 1 18:31:57 2011 +0400

bgpd: CERT-FI #513254 (ext. comm. buffer overflow)
    
    This vulnerability was reported by CROSS project. They have also
    suggested a fix to the problem, which was found acceptable.
    
    The problem occurs when bgpd receives an UPDATE message containing
    255 unknown AS_PATH attributes in Path Attribute Extended Communities.
    This causes a buffer overlow in bgpd.
    
    * bgp_ecommunity.c
      * ecommunity_ecom2str(): perform size check earlier

diff --git a/bgpd/bgp_ecommunity.c b/bgpd/bgp_ecommunity.c
index 8d5fa74..e7eb0a0 100644
--- a/bgpd/bgp_ecommunity.c
+++ b/bgpd/bgp_ecommunity.c
@@ -619,6 +619,13 @@ ecommunity_ecom2str (struct ecommunity *ecom, int format)
 
   for (i = 0; i < ecom->size; i++)
     {
+      /* Make it sure size is enough.  */
+      while (str_pnt + ECOMMUNITY_STR_DEFAULT_LEN >= str_size)
+	{
+	  str_size *= 2;
+	  str_buf = XREALLOC (MTYPE_ECOMMUNITY_STR, str_buf, str_size);
+	}
+
       /* Space between each value.  */
       if (! first)
 	str_buf[str_pnt++] = ' ';
@@ -662,13 +669,6 @@ ecommunity_ecom2str (struct ecommunity *ecom, int format)
 	  break;
 	}
 
-      /* Make it sure size is enough.  */
-      while (str_pnt + ECOMMUNITY_STR_DEFAULT_LEN >= str_size)
-	{
-	  str_size *= 2;
-	  str_buf = XREALLOC (MTYPE_ECOMMUNITY_STR, str_buf, str_size);
-	}
-
       /* Put string into buffer.  */
       if (encode == ECOMMUNITY_ENCODE_AS4)
 	{

Places

File bug-718062_quagga-master-513254.patch of Package quagga.import5276

Places