diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-10-30 22:53:09 +0100 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2017-11-01 10:47:12 +0100 |
| commit | d77d7220a7ced8daa89e3e0aa0090a4e60074001 (patch) | |
| tree | 40c189eaae3f92226d1e2c96154e6fc25f18b0fc /package/quagga/0004-bgpd-Fix-AS_PATH-size-calculation-for-long-paths.patch | |
| parent | cc856401e8ac6a2c7a8767737b73dde933a5798a (diff) | |
| download | buildroot-d77d7220a7ced8daa89e3e0aa0090a4e60074001.tar.gz buildroot-d77d7220a7ced8daa89e3e0aa0090a4e60074001.zip | |
quagga: add upstream security fix for CVE-2017-16227
>From the advisory:
http://www.openwall.com/lists/oss-security/2017/10/30/4
It was discovered that the bgpd daemon in the Quagga routing suite does
not properly calculate the length of multi-segment AS_PATH UPDATE
messages, causing bgpd to drop a session and potentially resulting in
loss of network connectivity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/quagga/0004-bgpd-Fix-AS_PATH-size-calculation-for-long-paths.patch')
| -rw-r--r-- | package/quagga/0004-bgpd-Fix-AS_PATH-size-calculation-for-long-paths.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/package/quagga/0004-bgpd-Fix-AS_PATH-size-calculation-for-long-paths.patch b/package/quagga/0004-bgpd-Fix-AS_PATH-size-calculation-for-long-paths.patch new file mode 100644 index 0000000000..1425cf0426 --- /dev/null +++ b/package/quagga/0004-bgpd-Fix-AS_PATH-size-calculation-for-long-paths.patch @@ -0,0 +1,33 @@ +From 7a42b78be9a4108d98833069a88e6fddb9285008 Mon Sep 17 00:00:00 2001 +From: Andreas Jaggi <aj@open.ch> +Date: Mon, 2 Oct 2017 19:38:43 +0530 +Subject: [PATCH] bgpd: Fix AS_PATH size calculation for long paths + +If you have an AS_PATH with more entries than +what can be written into a single AS_SEGMENT_MAX +it needs to be broken up. The code that noticed +that the AS_PATH needs to be broken up was not +correctly calculating the size of the resulting +message. This patch addresses this issue. + +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> +--- + bgpd/bgp_aspath.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bgpd/bgp_aspath.c b/bgpd/bgp_aspath.c +index b7af5e88..d813bfba 100644 +--- a/bgpd/bgp_aspath.c ++++ b/bgpd/bgp_aspath.c +@@ -903,7 +903,7 @@ aspath_put (struct stream *s, struct aspath *as, int use32bit ) + assegment_header_put (s, seg->type, AS_SEGMENT_MAX); + assegment_data_put (s, seg->as, AS_SEGMENT_MAX, use32bit); + written += AS_SEGMENT_MAX; +- bytes += ASSEGMENT_SIZE (written, use32bit); ++ bytes += ASSEGMENT_SIZE (AS_SEGMENT_MAX, use32bit); + } + + /* write the final segment, probably is also the first */ +-- +2.11.0 + |
