git.proxmox.com Git - mirror_frr.git/commit

author	Paul Jakma <paul.jakma@sun.com>
	Sat, 22 Dec 2007 16:49:52 +0000 (16:49 +0000)
committer	Paul Jakma <paul.jakma@sun.com>
	Sat, 22 Dec 2007 16:49:52 +0000 (16:49 +0000)
commit	370b64a2ad38e43b4bed028960481bbf4192becd
tree	ebecb7f934a7058d582e52b5c64a21eb676ec994	tree
parent	a7f93f3e060fdb2dc7bf5ff4ed4563d4b689bc6c	commit \| diff

[bgpd] Fix number of DoS security issues, restricted to configured peers.

2007-12-22 Paul Jakma <paul.jakma@sun.com>

* Fix series of vulnerabilities reported by "Mu Security
  Research Team", where bgpd can be made to crash by sending
  malformed packets - requires that bgpd be configured with a
  session to the peer.
* bgp_attr.c: (bgp_attr_as4_path) aspath_parse may fail, only
  set the attribute flag indicating AS4_PATH if we actually managed
  to parse one.
  (bgp_attr_munge_as4_attrs) Assert was too general, it is possible
  to receive AS4_AGGREGATOR before AGGREGATOR.
  (bgp_attr_parse) Check that we have actually received the extra
  byte of header for Extended-Length attributes.
* bgp_attr.h: Fix BGP_ATTR_MIN_LEN to account for the length byte.
* bgp_open.c: (cap_minsizes) Fix size of CAPABILITY_CODE_RESTART,
  incorrect -2 left in place from a development version of as4-path
  patch.
* bgp_packet.c: (bgp_route_refresh_receive) ORF length parameter
  needs to be properly sanity checked.
* tests/bgp_capability_test.c: Test for empty capabilities.

bgpd/ChangeLog		diff \| blob \| blame \| history
bgpd/bgp_attr.c		diff \| blob \| blame \| history
bgpd/bgp_attr.h		diff \| blob \| blame \| history
bgpd/bgp_open.c		diff \| blob \| blame \| history
bgpd/bgp_packet.c		diff \| blob \| blame \| history
tests/ChangeLog		diff \| blob \| blame \| history
tests/bgp_capability_test.c		diff \| blob \| blame \| history