proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-11 10:46:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bgpd: Ensure that bgp open message stream has enough data to read

Browse Source 
If a operator receives an invalid packet that is of insufficient size
then it is possible for BGP to assert during reading of the packet
instead of gracefully resetting the connection with the peer.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This commit is contained in:
Donald Sharp 2022-11-02 13:24:48 -04:00
parent 8d133f9460
commit 766eec1b7a
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
bgpd/bgp_packet.c
View File

@ -1386,8 +1386,27 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size)
|| CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) { || CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) {
uint8_t opttype; uint8_t opttype;
if (STREAM_READABLE(peer->curr) < 1) {
flog_err(
EC_BGP_PKT_OPEN,
"%s: stream does not have enough bytes for extended optional parameters",
peer->host);
bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
BGP_NOTIFY_OPEN_MALFORMED_ATTR);
return BGP_Stop;
}
opttype = stream_getc(peer->curr); opttype = stream_getc(peer->curr);
if (opttype == BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH) { if (opttype == BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH) {
if (STREAM_READABLE(peer->curr) < 2) {
flog_err(
EC_BGP_PKT_OPEN,
"%s: stream does not have enough bytes to read the extended optional parameters optlen",
peer->host);
bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
BGP_NOTIFY_OPEN_MALFORMED_ATTR);
return BGP_Stop;
}
optlen = stream_getw(peer->curr); optlen = stream_getw(peer->curr);
SET_FLAG(peer->sflags, SET_FLAG(peer->sflags,
PEER_STATUS_EXT_OPT_PARAMS_LENGTH); PEER_STATUS_EXT_OPT_PARAMS_LENGTH);