Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
frr
0013-bgpd-Use-treat-as-withdraw-for-tunnel-enca...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0013-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch of Package frr
From 7d4d6e3258c834907b3a75fa8a1e4f221f75ccb3 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <mt@suse.com> Date: Fri, 1 Sep 2023 09:46:25 +0200 Upstream: yes References: CVE-2023-38802,bsc#1213284,https://github.com/FRRouting/frr/pull/14290 Subject: [PATCH] bgpd: Use treat-as-withdraw for tunnel encapsulation attribute Before this path we used session reset method, which is discouraged by rfc7606. Handle this as rfc requires. Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> Signed-off-by: Marius Tomaschewski <mt@suse.com> diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index a9545272ff..ddc5f78268 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -1202,6 +1202,7 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode, case BGP_ATTR_LARGE_COMMUNITIES: case BGP_ATTR_ORIGINATOR_ID: case BGP_ATTR_CLUSTER_LIST: + case BGP_ATTR_ENCAP: return BGP_ATTR_PARSE_WITHDRAW; case BGP_ATTR_MP_REACH_NLRI: case BGP_ATTR_MP_UNREACH_NLRI: @@ -2268,26 +2269,21 @@ bgp_attr_ext_communities(struct bgp_attr_parser_args *args) } /* Parse Tunnel Encap attribute in an UPDATE */ -static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */ - bgp_size_t length, /* IN: attr's length field */ - struct attr *attr, /* IN: caller already allocated */ - uint8_t flag, /* IN: attr's flags field */ - uint8_t *startp) +static int bgp_attr_encap(struct bgp_attr_parser_args *args) { - bgp_size_t total; uint16_t tunneltype = 0; - - total = length + (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3); + struct peer *const peer = args->peer; + struct attr *const attr = args->attr; + bgp_size_t length = args->length; + uint8_t type = args->type; + uint8_t flag = args->flags; if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS) || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) { - zlog_info( - "Tunnel Encap attribute flag isn't optional and transitive %d", - flag); - bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR, - BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR, - startp, total); - return -1; + zlog_err("Tunnel Encap attribute flag isn't optional and transitive %d", + flag); + return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, + args->total); } if (BGP_ATTR_ENCAP == type) { @@ -2295,12 +2291,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */ uint16_t tlv_length; if (length < 4) { - zlog_info( + zlog_err( "Tunnel Encap attribute not long enough to contain outer T,L"); - bgp_notify_send_with_data( - peer, BGP_NOTIFY_UPDATE_ERR, - BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total); - return -1; + return bgp_attr_malformed(args, + BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, + args->total); } tunneltype = stream_getw(BGP_INPUT(peer)); tlv_length = stream_getw(BGP_INPUT(peer)); @@ -2330,13 +2325,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */ } if (sublength > length) { - zlog_info( - "Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d", - sublength, length); - bgp_notify_send_with_data( - peer, BGP_NOTIFY_UPDATE_ERR, - BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total); - return -1; + zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d", + sublength, length); + return bgp_attr_malformed(args, + BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, + args->total); } /* alloc and copy sub-tlv */ @@ -2382,13 +2375,10 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */ if (length) { /* spurious leftover data */ - zlog_info( - "Tunnel Encap attribute length is bad: %d leftover octets", - length); - bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR, - BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, - startp, total); - return -1; + zlog_err("Tunnel Encap attribute length is bad: %d leftover octets", + length); + return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, + args->total); } return 0; @@ -3083,8 +3073,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr, case BGP_ATTR_VNC: #endif case BGP_ATTR_ENCAP: - ret = bgp_attr_encap(type, peer, length, attr, flag, - startp); + ret = bgp_attr_encap(&attr_args); break; case BGP_ATTR_PREFIX_SID: ret = bgp_attr_prefix_sid(&attr_args); -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor