[bgpd] low-impact DoS: crash on malformed community with debug set 2007-09-07 Paul Jakma <paul.jakma@sun.com> * (general) bgpd can be made crash by remote peers if debug bgp updates is set, due to NULL pointer dereference. Reported by "Mu Security Research Team", <security@musecurity.com>. * bgp_attr.c: (bgp_attr_community) If community length is 0, don't set the community-present attribute bit, just return early. * bgp_debug.c: (community_str,community_com2str) Check com pointer before dereferencing.

commit: b2ceea18074ab8cca894051a3fbc30c312e3acc6 [log] [tgz]
author: Paul Jakma <paul.jakma@sun.com> Fri Sep 07 14:24:55 2007 +0000
committer: Paul Jakma <paul.jakma@sun.com> Fri Sep 07 14:24:55 2007 +0000
tree: 3dfc9d1572582ed26cedad37768be9a57a67f5a8
parent: 882968e0a2fe65db5aff29149c87f6d292a1cd2d [diff] [blame]
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index ee17b6d..9d13ca6 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c

@@ -1007,7 +1007,10 @@
 		    struct attr *attr, u_char flag)
 {
   if (length == 0)
-    attr->community = NULL;
+    {
+      attr->community = NULL;
+      return 0;
+    }
   else
     {
       attr->community =
commit	b2ceea18074ab8cca894051a3fbc30c312e3acc6	[log] [tgz]
author	Paul Jakma <paul.jakma@sun.com>	Fri Sep 07 14:24:55 2007 +0000
committer	Paul Jakma <paul.jakma@sun.com>	Fri Sep 07 14:24:55 2007 +0000
tree	3dfc9d1572582ed26cedad37768be9a57a67f5a8
parent	882968e0a2fe65db5aff29149c87f6d292a1cd2d [diff] [blame]