Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
quagga.35810
quagga-12-CVE-2024-44070_bsc1229438.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File quagga-12-CVE-2024-44070_bsc1229438.patch of Package quagga.35810
From 8e9da1c09438aab0bb80dbdaaeb067561a3e6b0a Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <mt@suse.com> Date: Tue, 17 Sep 2024 11:57:53 +0200 Subject: [PATCH] bgpd: Check the actual remaining stream length before taking TLV value References: CVE-2024-44070,bsc#1229438 Backported from frr: - commit 237e56054e765d62849ae444e68d16d9eeb19640 from https://github.com/FRRouting/frr/pull/16506 ``` Author: Donatas Abraitis <donatas@opensourcerouting.org> Subject: bgpd: Check the actual remaining stream length before taking TLV value [...] ``` diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index fce4b542..69e72254 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -1907,6 +1907,14 @@ bgp_attr_encap(struct bgp_attr_parser_args *args) args->total); } + if (STREAM_READABLE(BGP_INPUT(peer)) < sublength) { + zlog (peer->log, LOG_ERR, + "Tunnel Encap attribute sub-tlv length %d exceeds remaining stream length %zu", + sublength, STREAM_READABLE(BGP_INPUT(peer))); + return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, + args->total); + } + /* alloc and copy sub-tlv */ /* TBD make sure these are freed when attributes are released */ tlv = XCALLOC (MTYPE_ENCAP_TLV, sizeof(struct bgp_attr_encap_subtlv)-1+sublength); -- 2.43.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor