components/quagga/patches/09-cve-2012-1820.patch
author Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
Fri, 06 Jun 2014 13:45:34 -0700
changeset 1940 9b35341f1085
parent 897 f239fb8865f3
permissions -rw-r--r--
18908406 Checksum of OpenSSL FIPS tar ball should be checked with FIPS validated openssl

The following patch is pulled directly from the GIT repository
for the quagga community. It fixes the following CVE:

CVE-2012-1820.

The fix for this CVE is included in Quagga 0.99.22. This patch
file can be removed once Quagga is upgraded to that version.


--- bgpd/bgp_open.c
+++ bgpd/bgp_open.c
@@ -244,7 +244,7 @@ bgp_capability_orf_entry (struct peer *p
     }
   
   /* validate number field */
-  if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length)
+  if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length)
     {
       zlog_info ("%s ORF Capability entry length error,"
                  " Cap length %u, num %u",
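Review bot: The length test above the `zlog_info` call is now an exact match, so a capability whose length covers more than one ORF entry, which the removed `bgp_capability_orf` loop iterated over, is now reported as a length error instead of being parsed. That looks intended, but nothing in the code says so; a comment such as `/* exactly one ORF entry per capability: fixed header plus num two-byte pairs must equal hdr->length */` would record it. The literal `2` would also read better as a named constant or a `sizeof` of the pair type, if the struct exposes one. `bgp_capability_orf_entry` starts and ends outside this hunk, so how `entry.num` is read from the stream before this check is not visible here.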
@@ -348,28 +348,6 @@ bgp_capability_orf_entry (struct peer *p
 }
 
 static int
-bgp_capability_orf (struct peer *peer, struct capability_header *hdr)
-{
-  struct stream *s = BGP_INPUT (peer);
-  size_t end = stream_get_getp (s) + hdr->length;
-  
-  assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end);
-  
-  /* We must have at least one ORF entry, as the caller has already done
-   * minimum length validation for the capability code - for ORF there must
-   * at least one ORF entry (header and unknown number of pairs of bytes).
-   */
-  do
-    {
-      if (bgp_capability_orf_entry (peer, hdr) == -1)
-        return -1;
-    } 
-  while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end);
-  
-  return 0;
-}
-
-static int
 bgp_capability_restart (struct peer *peer, struct capability_header *caphdr)
 {
   struct stream *s = BGP_INPUT (peer);
@@ -580,7 +558,7 @@ bgp_capability_parse (struct peer *peer,
             break;
           case CAPABILITY_CODE_ORF:
           case CAPABILITY_CODE_ORF_OLD:
-            if (bgp_capability_orf (peer, &caphdr))
+            if (bgp_capability_orf_entry (peer, &caphdr))
               return -1;
             break;
           case CAPABILITY_CODE_RESTART:
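Review bot: With the wrapper and its assert gone, the two ORF cases call `bgp_capability_orf_entry` directly, so the only remaining guarantee that the capability is at least `sizeof (struct capability_orf_entry)` long is the minimum-length validation that the removed comment attributed to this caller, which lies outside the hunk. The callee presumably reads the fixed part of the entry from the peer-supplied stream before it reaches its own length check, so it is worth confirming that the validation covers both `CAPABILITY_CODE_ORF` and `CAPABILITY_CODE_ORF_OLD` and recording it at the call site, e.g. `/* minimum ORF length validated by the per-code check in this function; the entry parser enforces the exact length */`. The removed wrapper compared the callee's result with `== -1`, so `if (bgp_capability_orf_entry (peer, &caphdr) < 0)` would state that contract more precisely than the truthiness test. `bgp_capability_parse` continues outside the hunk.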