mirror of
https://git.proxmox.com/git/mirror_frr
synced 2025-07-31 22:44:58 +00:00
bgpd: Fix errors handling for MP/GR capabilities as dynamic capability
When receiving a MP/GR capability as dynamic capability, but malformed, do not
forget to advance the pointer to avoid hitting infinity loop.
After:
```
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [GS0AQ-HKY0X] 127.0.0.1 rcv CAPABILITY
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 5, length 0
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 0, length 0
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [HFHDS-QT71N][EC 33554494] 127.0.0.1(donatas-pc): unrecognized capability code: 0 - ignored
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 0, code: 0, length 0
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [HFHDS-QT71N][EC 33554494] 127.0.0.1(donatas-pc): unrecognized capability code: 0 - ignored
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 0, code: 0, length 0
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [HFHDS-QT71N][EC 33554494] 127.0.0.1(donatas-pc): unrecognized capability code: 0 - ignored
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 0, code: 0, length 1
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [HFHDS-QT71N][EC 33554494] 127.0.0.1(donatas-pc): unrecognized capability code: 0 - ignored
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:15:28 donatas-laptop bgpd[353550]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
```
Before:
```
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [Z1DRQ-N6Z5F] 127.0.0.1(donatas-pc): Dynamic Capability MultiProtocol Extensions afi/safi invalid (bad-value/unicast)
Mar 29 11:14:54 donatas-laptop bgpd[347675]: [JTVED-VGTQQ] 127.0.0.1(donatas-pc): CAPABILITY has action: 1, code: 1, length 10
```
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 30a332dad8)
This commit is contained in:
Donatas Abraitis
Mergify
parent
34dbb82631
commit
2a5ea423ef
@ -3610,6 +3610,7 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
|||||||
zlog_err("%pBP: Capability length error", peer);
|
zlog_err("%pBP: Capability length error", peer);
|
||||||
bgp_notify_send(peer->connection, BGP_NOTIFY_CEASE,
|
bgp_notify_send(peer->connection, BGP_NOTIFY_CEASE,
|
||||||
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
||||||
|
pnt += length;
|
||||||
return BGP_Stop;
|
return BGP_Stop;
|
||||||
}
|
}
|
||||||
action = *pnt;
|
action = *pnt;
|
||||||
@ -3622,7 +3623,7 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
|||||||
action);
|
action);
|
||||||
bgp_notify_send(peer->connection, BGP_NOTIFY_CEASE,
|
bgp_notify_send(peer->connection, BGP_NOTIFY_CEASE,
|
||||||
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
||||||
return BGP_Stop;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (bgp_debug_neighbor_events(peer))
|
if (bgp_debug_neighbor_events(peer))
|
||||||
@ -3634,12 +3635,13 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
|||||||
zlog_err("%pBP: Capability length error", peer);
|
zlog_err("%pBP: Capability length error", peer);
|
||||||
bgp_notify_send(peer->connection, BGP_NOTIFY_CEASE,
|
bgp_notify_send(peer->connection, BGP_NOTIFY_CEASE,
|
||||||
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
||||||
|
pnt += length;
|
||||||
return BGP_Stop;
|
return BGP_Stop;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Ignore capability when override-capability is set. */
|
/* Ignore capability when override-capability is set. */
|
||||||
if (CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
|
if (CHECK_FLAG(peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY))
|
||||||
continue;
|
goto done;
|
||||||
|
|
||||||
capability = lookup_msg(capcode_str, hdr->code, "Unknown");
|
capability = lookup_msg(capcode_str, hdr->code, "Unknown");
|
||||||
|
|
||||||
@ -3654,7 +3656,7 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
|||||||
peer, capability,
|
peer, capability,
|
||||||
sizeof(struct capability_mp_data),
|
sizeof(struct capability_mp_data),
|
||||||
hdr->length);
|
hdr->length);
|
||||||
return BGP_Stop;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data));
|
memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data));
|
||||||
@ -3669,7 +3671,7 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
|||||||
peer, capability,
|
peer, capability,
|
||||||
iana_afi2str(pkt_afi),
|
iana_afi2str(pkt_afi),
|
||||||
iana_safi2str(pkt_safi));
|
iana_safi2str(pkt_safi));
|
||||||
continue;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Address family check. */
|
/* Address family check. */
|
||||||
@ -3696,7 +3698,7 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
|||||||
if (peer_active_nego(peer))
|
if (peer_active_nego(peer))
|
||||||
bgp_clear_route(peer, afi, safi);
|
bgp_clear_route(peer, afi, safi);
|
||||||
else
|
else
|
||||||
return BGP_Stop;
|
goto done;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case CAPABILITY_CODE_RESTART:
|
case CAPABILITY_CODE_RESTART:
|
||||||
@ -3706,7 +3708,7 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
|||||||
bgp_notify_send(peer->connection,
|
bgp_notify_send(peer->connection,
|
||||||
BGP_NOTIFY_CEASE,
|
BGP_NOTIFY_CEASE,
|
||||||
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
||||||
return BGP_Stop;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
bgp_dynamic_capability_graceful_restart(pnt, action,
|
bgp_dynamic_capability_graceful_restart(pnt, action,
|
||||||
@ -3738,7 +3740,7 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
|||||||
bgp_notify_send(peer->connection,
|
bgp_notify_send(peer->connection,
|
||||||
BGP_NOTIFY_CEASE,
|
BGP_NOTIFY_CEASE,
|
||||||
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
BGP_NOTIFY_SUBCODE_UNSPECIFIC);
|
||||||
return BGP_Stop;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t role;
|
uint8_t role;
|
||||||
@ -3760,6 +3762,7 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
done:
|
||||||
pnt += hdr->length + 3;
|
pnt += hdr->length + 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user