Gitiles
Code Review Sign In
gerrit.opencord.org / quagga / 0c46638122f10019a12ae9668aec91691cf2e017
commit0c46638122f10019a12ae9668aec91691cf2e017[log] [tgz]
authorPaul Jakma <paul@quagga.net>Sun Dec 05 17:17:26 2010 +0000
committerPaul Jakma <paul@quagga.net>Mon Mar 21 13:50:56 2011 +0000
tree1302073e844ff46061ebb938bcd218ed9fbb96bf
parent8f228de7b3f9d6f641c75b27ac7ac6e5862cf804 [diff]
bgpd/security: CVE-2010-1674 Fix crash due to extended-community parser error

* bgp_attr.c: (bgp_attr_ext_communities) Certain extended-community attrs
  can leave attr->flag indicating ext-community is present, even though no
  extended-community object has been attached to the attr structure.  Thus a
  null-pointer dereference can occur later.
  (bgp_attr_community) No bug fixed here, but tidy up flow so it has same
  form as previous.

  Problem and fix thanks to anonymous reporter.
1 file changed
tree: 1302073e844ff46061ebb938bcd218ed9fbb96bf
  1. .cvsignore
  2. .gitignore
  3. AUTHORS
  4. COPYING
  5. COPYING.LIB
  6. ChangeLog
  7. HACKING
  8. HACKING.pending
  9. INSTALL.quagga.txt
  10. Makefile.am
  11. NEWS
  12. README
  13. README.NetBSD
  14. REPORTING-BUGS
  15. SERVICES
  16. TODO
  17. bgpd/
  18. bootstrap.sh
  19. configure.ac
  20. doc/
  21. guile/
  22. init/
  23. isisd/
  24. lib/
  25. m4/
  26. ospf6d/
  27. ospfclient/
  28. ospfd/
  29. pkgsrc/
  30. ports/
  31. redhat/
  32. ripd/
  33. ripngd/
  34. solaris/
  35. stamp-h.in
  36. tests/
  37. tools/
  38. update-autotools
  39. vtysh/
  40. watchquagga/
  41. zebra/