Quentin Young [Mon, 23 Oct 2017 20:43:32 +0000 (16:43 -0400)]
bgpd: fix mishandled attribute length
A crafted BGP UPDATE with a malformed path attribute length field causes
bgpd to dump up to 65535 bytes of application memory and send it as the
data field in a BGP NOTIFY message, which is truncated to 4075 bytes
after accounting for protocol headers. After reading a malformed length
field, a NOTIFY is generated that is supposed to contain the problematic
data, but the malformed length field is inadvertently used to compute
how much data we send.
CVE-2017-15865
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Brian Rak [Mon, 14 Aug 2017 21:22:03 +0000 (17:22 -0400)]
bgpd: Check for per-peer outbound configuration, in addition to the peer-group config
When displaying the config, bgpd only checked for the existance of a peer-group prefix-list before
deciding to not display the outbound prefix-list. This commit updates the outbound prefix-list
logic to match the inbound.
Martin Winter [Thu, 12 Oct 2017 00:56:17 +0000 (17:56 -0700)]
Revert "ospfd: Free memory associated with ospf instance startup"
This reverts commit 79942104bff838362cd6609485a26617492aa6f5.
The original commit causes a heap-use-after-free. See issue
https://github.com/FRRouting/frr/issues/1326
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
smccroskey [Tue, 8 Aug 2017 21:51:38 +0000 (14:51 -0700)]
frr.lintian-overrides: update for current list of built libs
Because the lintian warning no longer matched exactly due to removal
of unused protobuf libraries from the build, the warning wasn't
masked. Update it to match the current warning string.
frr.service: remove explicit dependency on socket-based syslog.target
Testing done: built and installed for all ubuntu targets
Socket-based services such as syslog need not be specified as
dependencies in service files, and doing so may slow down boot by
reducing parallelism. All known supported systemd-based platforms
have syslog as a socket-based service.
Clears the following lintian warnings:
W: frr: systemd-service-file-refers-to-obsolete-target lib/systemd/system/frr.service syslog.target
smccroskey [Mon, 29 May 2017 22:34:02 +0000 (15:34 -0700)]
debian: install PNG files in /usr/share/info
Testing done: built in sbuild with lintian enabled
Clears lintian warnings of the following form:
W: frr-doc: info-document-missing-image-file
According to the documentation for the lintian warning, certain
applications (e.g. emacs) can render images from info files inline,
and expect the images to either have their full path defined or be
installed in the same directory as the info files themselves.
Automake doesn't seem to have a primary for handling this sort of
installation (info_DATA is invalid and causes an error), so opted to
handle it in the debian install file itself.
Installing the images elsewhere (another path installed by frr-doc)
and giving a full path to their location in info files might be a
better approach.
Martin Winter [Fri, 9 Jun 2017 02:14:41 +0000 (19:14 -0700)]
debian->debianpkg: Move debian files from debian dir to debianpkg dir.
Debian build systems use debian subdir for building and having a debian
dir in the source package causes issues.
Moving it to debianpkg avoids the issue and allows us to ship debian
package files in the source distribution
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
minimize diffs between the base debian files and each backport to the
changes that actually matter, so that they aren't lost in the noise of
capitalization and ordering differences.
this removes some cruft -- old/outdated/incorrect information,
trailing whitespace, etc., and updates the descriptions. Some small
changes were made where appropriate to minimize the diff between the
base control file and those of the various backports.
precise/trusty: don't attempt to install pimd or ldpd manuals
Neither of these daemons are installed on 14.04, leading to build
failures now that the man pages are excluded from the Makefiles when
the daemons aren't enabled for install.
backports: error out on upstream/downstream version mismatch
The quilt source format expects the upstream tarball's version to
correspond roughly to the debian version of the package, and errors
will be thrown (at unpack time, in our case) if it doesn't. Do a
sanity check when we're building the source package to make sure they
match up.
Silas McCroskey [Tue, 14 Feb 2017 17:48:57 +0000 (00:48 +0700)]
backports: symlink identical files
Testing-done: built all backports in schroots and VMs
made files identical between different backports symlinks
to the ones for the more recent distribution, and updated
relevant tar invocations to follow symlinks.
Silas McCroskey [Tue, 14 Feb 2017 17:34:42 +0000 (00:34 +0700)]
debian: add pkg-config to build-depends
Testing-done: `--add-depends pkg-config' sbuild
The dependency on pkg-config was introduced recently, and
missed because it's in our schroots by default. Need to add
it for other build environments (e.g. ubuntu schroots).
Silas McCroskey [Tue, 14 Feb 2017 15:48:19 +0000 (22:48 +0700)]
debian: move ubuntu 16.04 files into new backports system
Added 'debian/patches' to the exclude file, since the existing patches
interfere with the build and are unused by our build. No other
changes were necessary. Used '-0~ubuntu16.04+1' as the version
extention, to denote: no patches (-0), debian packaging files changed
for backport (+1).
Signed-off-by: Silas McCroskey <smccroskey@cumulusnetworks.com> Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 15:44:17 +0000 (22:44 +0700)]
debian: move ubuntu 14.04 files into new backports system
`git diff'ed the main (cmaster) branch against the 14.04 branch
to determine changed debian files, then pulled them into
debian/backports via `git cat-file'. Added 'debian/patches' to
the exclude file, since the existing patches interfere with the
build and are unused by our build. Used '-0~ubuntu14.04+1' as
the version extention, to denote: no patches (-0), debian
packaging files changed for backport (+1).
Original commit by Silas with updates on fork name by Martin
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 15:34:56 +0000 (22:34 +0700)]
debian: move ubuntu 12.04 files into new backports system
`git diff'ed the main (cmaster) branch against the 12.04 branch
to determine changed debian files, then pulled them into
debian/backports via `git cat-file'. Added 'debian/patches' to
the exclude file, since the existing patches interfere with the
build and are unused by our build. Used '-0~ubuntu12.04+1' as
the version extention, to denote: no patches (-0), debian
packaging files changed for backport (+1).
Original commit by Silas with updates on fork name by Martin
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 12:04:10 +0000 (19:04 +0700)]
debian/backports: include in distfile, don't put files in ..
Testing-done: ran 'make dist', unpacked elsewhere, built from result
Adjusted target to build the .orig.tar.gz accordingly, since it must
exclude the debian/ subdirectory. Allows for building any backport from
only a tarball.
Signed-off-by: Silas McCroskey <smccroskey@cumulusnetworks.com> Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 11:45:50 +0000 (18:45 +0700)]
debian: structure for building backports from a single branch
Source a makefile (when it exists) in debian/rules to assemble
a source package via:
* a debian.tar.gz tarball built from combining the contents of debian/
and debian/backports/$backport/debian/ using other details under
debian/backports/$backport
* an orig.tar.gz file (not generated by this makefile). This can (and
should) be the same for all backports.
Renato Westphal [Tue, 3 Oct 2017 19:11:07 +0000 (16:11 -0300)]
ldpd: detach stdin/stdout/stderr from the child processes
Doing a "ssh user@node 'ldpd -d'" was making the SSH session hang. In
the original OpenBSD's ldpd(8) daemon, the daemon function takes care
of connecting stdin/stdout/stderr to /dev/null. In the FRR port, this
only happens in the frr_run() function, after all children have been
forked. Ideally we could try to rearrange libfrr.c and ldpd.c in a way
that start_child() is called only after the parent connects the standard
I/O streams to /dev/null. But since this issue needs an immediate
fix, let's do this workaround for now. Note: even when running on the
foreground, all log messages from the child processes are sent to the
parent process, which then prints the messages to stdout/stderr and/or
to a log file.
Reported-by: Martin Winter <mwinter@opensourcerouting.org> Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Andreas Jaggi [Fri, 8 Sep 2017 11:46:20 +0000 (07:46 -0400)]
bgpd: Fix AS_PATH size calculation for long paths
If you have an AS_PATH with more entries than
what can be written into a single AS_SEGMENT_MAX
it needs to be broken up. The code that noticed
that the AS_PATH needs to be broken up was not
correctly calculating the size of the resulting
message. This patch addresses this issue.
This patch was built from an email that Andreas
sent to the dev alias for FRRouting.
Fixes: #1114 Signed-off-by: Andreas Jaggi <aj@open.ch> Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Quentin Young [Thu, 21 Sep 2017 20:03:17 +0000 (16:03 -0400)]
ospf6d: fix heap use after free
During the loop we save a pointer to the next route in the table in case
brouter is deleted during the course of the loop iteration. However when
we call ospf6_route_remove this can trigger ospf6_route_remove on other
routes in the table, one of which could be pointed at by said pointer.
Since ospf6_route_next locks the route that it returns, it won't
actually be deleted, instead the refcount will go to 1. In the next loop
iteration, nbrouter becomes brouter, and calling ospf6_route_next on
this one will finally decrement the refcount to 0, resulting in a free,
which causes subsequent reads on brouter to be UAF. Since the route will
have OSPF6_ROUTE_WAS_REMOVED set, provided the memory was not
overwritten before we got there, we'll continue on to the next one so it
is unlikely this will cause a crash in production.
Solution implemented is to check if we've deleted the route and continue
if so.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Donald Sharp [Wed, 20 Sep 2017 16:56:38 +0000 (12:56 -0400)]
bgpd: Fix json memory leak
When issuing 'show bgp ...' commands that dump
the entire table, we were dropping the initial
json_paths = json_object_new_object() memory
allocation. Fix this.
Additionally reformat the output to fit
better in 80 columns.
There may be additional memory leaks here
hidden away in how we decide to continue
or not.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Quentin Young [Wed, 14 Jun 2017 19:47:14 +0000 (19:47 +0000)]
lib: allow 'do' commands in ENABLE_NODE
'do' is syntax sugar that allows the user to execute a command under
ENABLE_NODE when in another CLI node. If the user is already in
ENABLE_NODE, use of 'do' was previously disallowed. This patch allows it
because it makes it easier for us to hack around certain instances of
the node synchronization problem with vtysh.
Also included is a fix for one of these problems.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Once ldpd allocated label 48 for a given FEC, all subsequent requests
for a new label would return the same value (48). The problem is that
we were left shifting an uint32_t value up to 64 times, losing important
information.
projects / mirror_frr.git / log