Fix an issue where an attacker may inject a tainted length value to
corrupt the memory.
> CID 1568380 (#1 of 1): Untrusted value as argument (TAINTED_SCALAR)
> 9. tainted_data: Passing tainted expression length to bgp_linkstate_nlri_value_display, which uses it as an offset
Fixes: 8b531b1107 ("bgpd: store and send bgp link-state attributes") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Fix issues where an attacker may inject a tainted length value to
corrupt the memory.
> CID 1568378 (#1-6 of 6): Untrusted value as argument (TAINTED_SCALAR)
> 16. tainted_data: Passing tainted expression length to bgp_linkstate_tlv_attribute_value_display, which uses it as an offset. [show details]
Fixes: 7e0d9ff8ba ("bgpd: display link-state prefixes detail")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
requirements.txt was pinning sphinx at a very old version. This version
doesn't work in recent versions of Python; the new RTD configuration
made RTD respect our requirements file, breaking the build.
Signed-off-by: Quentin Young <qlyoung@qlyoung.net>
Fix comparaison of link state attributes pointers in
link_state_hash_cmp().
> CID 1568379 (#1 of 1): Logically dead code (DEADCODE)
> dead_error_line: Execution cannot reach this statement: return false;.
Fixes: 8b531b1107 ("bgpd: store and send bgp link-state attributes")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Fix illegal memory access bgp_ls_tlv_check_size() if type is 1253.
> CID 1568377 (#4 of 4): Out-of-bounds read (OVERRUN)
> 5. overrun-local: Overrunning array bgp_linkstate_tlv_infos of 1253 16-byte elements at element index 1253 (byte offset 20063) using index type (which evaluates to 1253).
Fixes: 7e0d9ff8ba ("bgpd: display link-state prefixes detail")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Fix the following coverity issue. attr cannot be NULL.
> CID 1568376 (#1 of 1): Dereference before null check (REVERSE_INULL)
> check_after_deref: Null-checking attr suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
Fixes: 8b531b1107 ("bgpd: store and send bgp link-state attributes")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
As of Sep 25 2023, RTD projects require config files to build. This
patch is necessary for docs to continue to build.
Signed-off-by: Quentin Young <qlyoung@qlyoung.net>
The documentation pages on checkpatch and CSPF were not reachable
because they were not included in any toctree. Include them in the tree!
Signed-off-by: Quentin Young <qlyoung@qlyoung.net>
When the config node is entered in file-lock mode, we should actually
remember it to correctly apply the workaround in `vtysh_exit`.
Otherwise, the file-lock mode is dropped once we exit any node one level
below the config node.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When the configuration node is entered in file-lock mode, candidate
and running datastores are locked. Any configuration change is followed
by an implicit commit which leads to a crash of mgmtd, because double
lock is prohibited by an assert. When working in file-lock mode, we
shouldn't do implicit commits which is disabled by allowing pending
configuration changes.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Align to the release rules:
Releases are scheduled in a 4-month cycle on the first Tuesday each March/July/November.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
When we accept a connection, we try to set TTL for the socket, but the socket
is not yet created/assigned and we are trying to set it on the wrong socket fd.
```
[Event] connection from 127.0.0.1 fd 25, active peer status 3 fd -1
can't set sockopt IP_TTL 255 to socket -1
bgp_set_socket_ttl: Can't set TxTTL on peer (rtrid 0.0.0.0) socket, err = 9
Unable to set min/max TTL on peer 127.0.0.1, Continuing
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
No such thing exists.
/root/frr/doc/user/ospfd.rst:624: WARNING: Cannot analyze code. No Pygments lexer found for "frr".
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
/root/frr/doc/user/ospfd.rst:609: WARNING: Bullet list ends without a blank line; unexpected unindent.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Coverity is complaining that vty->state could be VTY_PASSFD here. It
can't, it really shouldn't, and if it actually is then something went
seriously wrong somewhere earlier so assert()ing out is the best thing
to do.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The socket has been closed in `ssmpingd_setsockopt()` in the wrong cases,
so remove the redundant closing socket from outer layer.
Signed-off-by: anlan_cs <anlan_cs@tom.com>
