mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-26 00:55:14 +00:00
Code Issues Releases Activity
5c068af6b7
freebsd-ports/net/quagga/files/patch-CVE-2010-1674
Sergey Matveychuk 17ad9921f7 - security patches for CVE-2010-1674, CVE-2010-1645. 
Approved by:	maintainer
2011-04-01 17:47:00 +00:00

68 lines
2.1 KiB
Plaintext
Raw Blame History

commit ca0f29480d22837f99b9ac42cf64a8d656bfcac5
Author: Paul Jakma <paul@quagga.net>
Date: Sun Dec 5 17:17:26 2010 +0000
bgpd/security: CVE-2010-1674 Fix crash due to extended-community parser error
* bgp_attr.c: (bgp_attr_ext_communities) Certain extended-community attrs
can leave attr->flag indicating ext-community is present, even though no
extended-community object has been attached to the attr structure. Thus a
null-pointer dereference can occur later.
(bgp_attr_community) No bug fixed here, but tidy up flow so it has same
form as previous.
Problem and fix thanks to anonymous reporter.
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index ae0dc88..c6fd3a5 100644
--- bgpd/bgp_attr.c
+++ bgpd/bgp_attr.c
@@ -1235,13 +1235,16 @@ bgp_attr_community (struct peer *peer, bgp_size_t length,
attr->community = NULL;
return 0;
}
- else
- {
- attr->community =
- community_parse ((u_int32_t *)stream_pnt (peer->ibuf), length);
- stream_forward_getp (peer->ibuf, length);
- }
+
+ attr->community =
+ community_parse ((u_int32_t *)stream_pnt (peer->ibuf), length);
+
+ /* XXX: fix community_parse to use stream API and remove this */
+ stream_forward_getp (peer->ibuf, length);
+ if (!attr->community)
+ return -1;
+
attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_COMMUNITIES);
return 0;
@@ -1478,13 +1481,18 @@ bgp_attr_ext_communities (struct peer *peer, bgp_size_t length,
{
if (attr->extra)
attr->extra->ecommunity = NULL;
+ /* Empty extcomm doesn't seem to be invalid per se */
+ return 0;
}
- else
- {
- (bgp_attr_extra_get (attr))->ecommunity =
- ecommunity_parse ((u_int8_t *)stream_pnt (peer->ibuf), length);
- stream_forward_getp (peer->ibuf, length);
- }
+
+ (bgp_attr_extra_get (attr))->ecommunity =
+ ecommunity_parse ((u_int8_t *)stream_pnt (peer->ibuf), length);
+ /* XXX: fix ecommunity_parse to use stream API */
+ stream_forward_getp (peer->ibuf, length);
+
+ if (!attr->extra->ecommunity)
+ return -1;
+
attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_EXT_COMMUNITIES);
return 0;
Reference in New Issue View Git Blame Copy Permalink