components/quagga/patches/60-bgp-comm-crash.patch
author Rishi Srivatsavai <Rishi.Srivatsavai@oracle.com>
Mon, 29 Aug 2011 19:48:54 -0700
changeset 499 fea5d407097b
parent 417 7c10b5cba79b
permissions -rw-r--r--
7082431 trilld bus error on sparc as CFLAGS default includes -xmemalign=8s in userland
417
7c10b5cba79b 7066915 Move Quagga to Userland
Brian Utterback <Brian.Utterback@Oracle.COM>
Author: Paul Jakma <[email protected]>
Date:   Fri Sep 7 14:24:55 2007 +0000
    [bgpd] low-impact DoS: crash on malformed community with debug set
    
    2007-09-07 Paul Jakma <[email protected]>
    
    	* (general) bgpd can be made crash by remote peers if debug
    	  bgp updates is set, due to NULL pointer dereference.
    	  Reported by "Mu Security Research Team",
    	  <[email protected]>.
    	* bgp_attr.c: (bgp_attr_community) If community length is 0,
    	  don't set the community-present attribute bit, just return
    	  early.
    	* bgp_debug.c: (community_str,community_com2str) Check com
    	  pointer before dereferencing.
--- bgpd/bgp_attr.c
+++ bgpd/bgp_attr.c
@@ -962,7 +962,10 @@
 		    struct attr *attr, u_char flag)
 {
   if (length == 0)
-    attr->community = NULL;
+    {
+      attr->community = NULL;
+      return 0;
+    }
   else
     {
       attr->community = 
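Review bot: in the length == 0 branch, the new "return 0;" reports success for a zero-length community attribute with no comment or log line, so the reason the rest of the function is skipped lives only in the changelog entry ("don't set the community-present attribute bit, just return early"). A one-line comment above the return would keep that intent with the code. With the early return in place, the "else" that follows is redundant and the remaining body could be un-nested.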
--- bgpd/bgp_community.c
+++ bgpd/bgp_community.c
@@ -206,6 +206,9 @@ community_com2str  (struct community *com)
   u_int16_t as;
   u_int16_t val;
 
+  if (!com)
+    return NULL;
+  
   /* When communities attribute is empty.  */
   if (com->size == 0)
     {
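Review bot: the new "if (!com) return NULL;" guard in community_com2str sits directly above the existing com->size == 0 branch, which is the path for an empty communities attribute, so "no communities" now has two separate exits. If the empty branch returns a printable string, callers get a string in one case and NULL in the other; either route a NULL com through the empty branch or state in the function comment that NULL in means NULL out. The added blank line after the guard also carries trailing whitespace.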
@@ -377,6 +380,9 @@ community_dup (struct community *com)
 char *
 community_str (struct community *com)
 {
+  if (!com)
+    return NULL;
+  
   if (! com->str)
     com->str = community_com2str (com);
   return com->str;
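Review bot: community_str now returns NULL for a NULL com, and none of its callers appear in this patch, so the crash may only have moved. The changelog names debug logging as the trigger, which means each call site that passes the result to a %s format needs checking: handing NULL to %s is undefined behaviour in C and not every libc tolerates it. A comment above community_str stating that it may return NULL would make the contract visible. With this guard in place, community_str never passes a NULL com to community_com2str, so the check added there only protects other callers.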