author | Rich Burridge <rich.burridge@oracle.com> |
Tue, 13 Nov 2012 08:19:05 -0800 | |
changeset 1048 | e82fa02a4d16 |
parent 897 | f239fb8865f3 |
permissions | -rw-r--r-- |
The following patch is pulled directly from the GIT repository |
for the quagga community. It fixes the following CVE: |
|
CVE-2012-1820. |
|
The patched CVE is included in Quagga 0.99.22. This patch |
file can be removed if Quagga is upgraded to that version. |
|
|
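--- a/bgpd/bgp_open.c
+++ b/bgpd/bgp_open.c
@@ -244,7 +244,7 @@ bgp_capability_orf_entry (struct peer *p
 }
 
 /* validate number field */
- if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length)
+ if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length)
 {
 zlog_info ("%s ORF Capability entry length error,"
 " Cap length %u, num %u",
@@ -348,28 +348,6 @@ bgp_capability_orf_entry (struct peer *p
 }
 
 static int
-bgp_capability_orf (struct peer *peer, struct capability_header *hdr)
-{
- struct stream *s = BGP_INPUT (peer);
- size_t end = stream_get_getp (s) + hdr->length;
-
- assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end);
-
- /* We must have at least one ORF entry, as the caller has already done
- * minimum length validation for the capability code - for ORF there must
- * at least one ORF entry (header and unknown number of pairs of bytes).
- */
- do
- {
- if (bgp_capability_orf_entry (peer, hdr) == -1)
- return -1;
- }
- while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end);
-
- return 0;
-}
-
-static int
 bgp_capability_restart (struct peer *peer, struct capability_header *caphdr)
 {
 struct stream *s = BGP_INPUT (peer);
@@ -580,7 +558,7 @@ bgp_capability_parse (struct peer *peer,
 break;
 case CAPABILITY_CODE_ORF:
 case CAPABILITY_CODE_ORF_OLD:
- if (bgp_capability_orf (peer, &caphdr))
+ if (bgp_capability_orf_entry (peer, &caphdr))
 return -1;
 break;
 case CAPABILITY_CODE_RESTART: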
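Review bot: The new equality test in the first hunk, `sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length`, uses a C struct size as an on-wire length, so it is only correct if the struct is laid out without padding; the struct definition is not part of this patch and should be confirmed (for example, that it is declared packed). Under the old `>` comparison a padded struct would only have made the bound stricter, but with `!=` any mismatch between `sizeof` and the wire header size would presumably make every legitimate ORF capability take the error branch. The existing comment also does not record why exact equality is required now that the third hunk calls `bgp_capability_orf_entry` directly; I would extend it to `/* validate number field: the capability carries exactly one entry, so header size + num * 2 must equal hdr->length */`. The body of `bgp_capability_orf_entry` starts and ends outside the hunk.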