Gitiles
Code Review Sign In
gerrit.opencord.org / quagga / 370b64a2ad38e43b4bed028960481bbf4192becd^! / . / bgpd / ChangeLog
commit370b64a2ad38e43b4bed028960481bbf4192becd[log] [tgz]
authorPaul Jakma <paul.jakma@sun.com>Sat Dec 22 16:49:52 2007 +0000
committerPaul Jakma <paul.jakma@sun.com>Sat Dec 22 16:49:52 2007 +0000
treeebecb7f934a7058d582e52b5c64a21eb676ec994
parenta7f93f3e060fdb2dc7bf5ff4ed4563d4b689bc6c [diff] [blame]
[bgpd] Fix number of DoS security issues, restricted to configured peers.

2007-12-22 Paul Jakma <paul.jakma@sun.com>

	* Fix series of vulnerabilities reported by "Mu Security
	  Research Team", where bgpd can be made to crash by sending
	  malformed packets - requires that bgpd be configured with a
	  session to the peer.
	* bgp_attr.c: (bgp_attr_as4_path) aspath_parse may fail, only
	  set the attribute flag indicating AS4_PATH if we actually managed
	  to parse one.
	  (bgp_attr_munge_as4_attrs) Assert was too general, it is possible
	  to receive AS4_AGGREGATOR before AGGREGATOR.
	  (bgp_attr_parse) Check that we have actually received the extra
	  byte of header for Extended-Length attributes.
	* bgp_attr.h: Fix BGP_ATTR_MIN_LEN to account for the length byte.
	* bgp_open.c: (cap_minsizes) Fix size of CAPABILITY_CODE_RESTART,
	  incorrect -2 left in place from a development version of as4-path
	  patch.
	* bgp_packet.c: (bgp_route_refresh_receive) ORF length parameter
	  needs to be properly sanity checked.
	* tests/bgp_capability_test.c: Test for empty capabilities.

diff --git a/bgpd/ChangeLog b/bgpd/ChangeLog
index 3fa3837..70bcc0f 100644
--- a/bgpd/ChangeLog
+++ b/bgpd/ChangeLog

@@ -1,3 +1,23 @@
+2007-12-22 Paul Jakma <paul.jakma@sun.com>
+
+	* Fix series of vulnerabilities reported by "Mu Security
+	  Research Team", where bgpd can be made to crash by sending
+	  malformed packets - requires that bgpd be configured with a
+	  session to the peer.
+	* bgp_attr.c: (bgp_attr_as4_path) aspath_parse may fail, only
+	  set the attribute flag indicating AS4_PATH if we actually managed
+	  to parse one.
+	  (bgp_attr_munge_as4_attrs) Assert was too general, it is possible
+	  to receive AS4_AGGREGATOR before AGGREGATOR.
+	  (bgp_attr_parse) Check that we have actually received the extra
+	  byte of header for Extended-Length attributes.
+	* bgp_attr.h: Fix BGP_ATTR_MIN_LEN to account for the length byte.
+	* bgp_open.c: (cap_minsizes) Fix size of CAPABILITY_CODE_RESTART,
+	  incorrect -2 left in place from a development version of as4-path
+	  patch.
+	* bgp_packet.c: (bgp_route_refresh_receive) ORF length parameter
+	  needs to be properly sanity checked.
+ 
 2007-12-18 Denis Ovsienko
 
 	* bgp_routemap.c: (no_set_aspath_prepend) This command cancelled