author  Mike Sullivan <Mike.Sullivan@Oracle.COM> 
Wed, 29 Aug 2012 11:05:56 0700  
changeset 957  255465c5756f 
parent 897  f239fb8865f3 
permissions  rwrr 
The following patch is pulled directly from the GIT repository 
for the quagga community. It fixes the following CVE: 

CVE-2012-1820.

The patched CVE is included in Quagga 0.99.22. This patch 
file can be removed if Quagga is upgraded to that version. 


10 
 bgpd/bgp_open.c 
11 
+++ bgpd/bgp_open.c 
12 
@@ 244,7 +244,7 @@ bgp_capability_orf_entry (struct peer *p 
13 
} 
14 

15 
/* validate number field */ 
16 
 if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr>length) 
17 
+ if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr>length) 
18 
{ 
19 
zlog_info ("%s ORF Capability entry length error," 
20 
" Cap length %u, num %u", 
21 
@@ 348,28 +348,6 @@ bgp_capability_orf_entry (struct peer *p 
22 
} 
23 

24 
static int 
25 
bgp_capability_orf (struct peer *peer, struct capability_header *hdr) 
26 
{ 
27 
 struct stream *s = BGP_INPUT (peer); 
28 
 size_t end = stream_get_getp (s) + hdr>length; 
29 
 
30 
 assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end); 
31 
 
32 
 /* We must have at least one ORF entry, as the caller has already done 
33 
 * minimum length validation for the capability code  for ORF there must 
34 
 * at least one ORF entry (header and unknown number of pairs of bytes). 
35 
 */ 
36 
 do 
37 
 { 
38 
 if (bgp_capability_orf_entry (peer, hdr) == 1) 
39 
 return 1; 
40 
 } 
41 
 while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end); 
42 
 
43 
 return 0; 
44 
} 
45 
 
46 
static int 
47 
bgp_capability_restart (struct peer *peer, struct capability_header *caphdr) 
48 
{ 
49 
struct stream *s = BGP_INPUT (peer); 
50 
@@ 580,7 +558,7 @@ bgp_capability_parse (struct peer *peer, 
51 
break; 
52 
case CAPABILITY_CODE_ORF: 
53 
case CAPABILITY_CODE_ORF_OLD: 
54 
 if (bgp_capability_orf (peer, &caphdr)) 
55 
+ if (bgp_capability_orf_entry (peer, &caphdr)) 
56 
return 1; 
57 
break; 
58 
case CAPABILITY_CODE_RESTART: 
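Review bot: The exact-length test added in the first hunk, `if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length)`, uses the in-memory size of a C struct as the on-wire size of the ORF entry header, and with `!=` that assumption now has to hold exactly rather than as an upper bound. The struct definition is not part of this patch, so presumably it is declared packed; if a build ever pads it, every ORF capability a peer sends would take the length-error path (which continues outside the hunk), whereas under the old `>` comparison padding only made the check stricter. I would pin the layout next to the check with a compile-time size assertion or compare against a named wire-length constant. Since the `bgp_capability_orf` loop is removed and the parser now calls the entry function once, a comment such as `/* exactly one ORF entry per capability: the header plus num pairs of bytes must fill hdr->length */` would also record why equality is required. `bgp_capability_orf_entry` begins and ends outside the visible hunks.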