proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-08 12:49:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bgpd: Flowspec overflow issue

Browse Source 
According to the flowspec RFC 8955 a flowspec nlri is <length, <nlri data>>
Specifying 0 as a length makes BGP get all warm on the inside.  Which
in this case is not a good thing at all.  Prevent warmth, stay cold
on the inside.

Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 0b999c886e)
This commit is contained in:
Donald Sharp 2023-02-23 13:29:32 -05:00 committed by Mergify
parent ffbea18bb3
commit 7a23a1b9f1
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
bgpd/bgp_flowspec.c
View File

@ -140,6 +140,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
psize); psize);
return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
} }
if (psize == 0) {
flog_err(EC_BGP_FLOWSPEC_PACKET,
"Flowspec NLRI length 0 which makes no sense");
return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
}
if (bgp_fs_nlri_validate(pnt, psize, afi) < 0) { if (bgp_fs_nlri_validate(pnt, psize, afi) < 0) {
flog_err( flog_err(
EC_BGP_FLOWSPEC_PACKET, EC_BGP_FLOWSPEC_PACKET,