proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-09 16:26:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #14511 from opensourcerouting/fix/bgpd_software_version_capability

Browse Source 
bgpd: Validate maximum length of software version when handling via dynamic caps
This commit is contained in:
Russ White 2023-10-03 10:36:21 -04:00 committed by GitHub
commit 373d46d0f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
bgpd/bgp_packet.c
View File

@ -3064,6 +3064,40 @@ static void bgp_dynamic_capability_graceful_restart(uint8_t *pnt, int action,
} }
} }
static void bgp_dynamic_capability_software_version(uint8_t *pnt, int action,
struct capability_header *hdr,
struct peer *peer)
{
uint8_t *data = pnt + 3;
uint8_t *end = data + hdr->length;
uint8_t len = *data;
char soft_version[BGP_MAX_SOFT_VERSION + 1] = {};
if (action == CAPABILITY_ACTION_SET) {
if (data + len > end) {
zlog_err("%pBP: Received invalid Software Version capability length %d",
peer, len);
return;
}
data++;
if (len > BGP_MAX_SOFT_VERSION)
len = BGP_MAX_SOFT_VERSION;
memcpy(&soft_version, data, len);
soft_version[len] = '\0';
XFREE(MTYPE_BGP_SOFT_VERSION, peer->soft_version);
peer->soft_version = XSTRDUP(MTYPE_BGP_SOFT_VERSION,
soft_version);
SET_FLAG(peer->cap, PEER_CAP_SOFT_VERSION_RCV);
} else {
UNSET_FLAG(peer->cap, PEER_CAP_SOFT_VERSION_RCV);
XFREE(MTYPE_BGP_SOFT_VERSION, peer->soft_version);
}
}
/** /**
* Parse BGP CAPABILITY message for peer. * Parse BGP CAPABILITY message for peer.
* *
@ -3082,7 +3116,6 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
afi_t afi; afi_t afi;
iana_safi_t pkt_safi; iana_safi_t pkt_safi;
safi_t safi; safi_t safi;
char soft_version[BGP_MAX_SOFT_VERSION + 1] = {};
const char *capability; const char *capability;
end = pnt + length; end = pnt + length;
@ -3129,22 +3162,8 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
switch (hdr->code) { switch (hdr->code) {
case CAPABILITY_CODE_SOFT_VERSION: case CAPABILITY_CODE_SOFT_VERSION:
if (action == CAPABILITY_ACTION_SET) { bgp_dynamic_capability_software_version(pnt, action,
SET_FLAG(peer->cap, PEER_CAP_SOFT_VERSION_RCV); hdr, peer);
memcpy(&soft_version, pnt + 3, hdr->length);
soft_version[hdr->length] = '\0';
XFREE(MTYPE_BGP_SOFT_VERSION,
peer->soft_version);
peer->soft_version =
XSTRDUP(MTYPE_BGP_SOFT_VERSION,
soft_version);
} else {
UNSET_FLAG(peer->cap, PEER_CAP_SOFT_VERSION_RCV);
XFREE(MTYPE_BGP_SOFT_VERSION,
peer->soft_version);
}
break; break;
case CAPABILITY_CODE_MP: case CAPABILITY_CODE_MP:
if (hdr->length < sizeof(struct capability_mp_data)) { if (hdr->length < sizeof(struct capability_mp_data)) {

2
tests/topotests/bgp_dynamic_capability/test_bgp_dynamic_capability_software_version.py
View File

@ -111,7 +111,7 @@ def test_bgp_dynamic_capability_software_version():
if not adv and not rcv: if not adv and not rcv:
return "" return ""
pattern = "FRRouting/\\d.+" pattern = "^FRRouting/\\d.+"
if re.search(pattern, adv) and re.search(pattern, rcv): if re.search(pattern, adv) and re.search(pattern, rcv):
return adv, rcv return adv, rcv
except: except: