Go to file
Louis Scalbert 6001c765e2 bgpd: fix ecommunity_fill_pbr_action heap-buffer-overflow
Fix the following heap-buffer-overflow:

> ==3901635==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020003a5940 at pc 0x56260067bb48 bp 0x7ffe8a4f3840 sp 0x7ffe8a4f3838
> READ of size 4 at 0x6020003a5940 thread T0
>     #0 0x56260067bb47 in ecommunity_fill_pbr_action bgpd/bgp_ecommunity.c:1587
>     #1 0x5626007a246e in bgp_pbr_build_and_validate_entry bgpd/bgp_pbr.c:939
>     #2 0x5626007b25e6 in bgp_pbr_update_entry bgpd/bgp_pbr.c:2933
>     #3 0x562600909d18 in bgp_zebra_announce bgpd/bgp_zebra.c:1351
>     #4 0x5626007d5efd in bgp_process_main_one bgpd/bgp_route.c:3528
>     #5 0x5626007d6b43 in bgp_process_wq bgpd/bgp_route.c:3641
>     #6 0x7f450f34c2cc in work_queue_run lib/workqueue.c:266
>     #7 0x7f450f327a27 in event_call lib/event.c:1970
>     #8 0x7f450f21a637 in frr_run lib/libfrr.c:1213
>     #9 0x56260062fc04 in main bgpd/bgp_main.c:540
>     #10 0x7f450ee2dd09 in __libc_start_main ../csu/libc-start.c:308
>     #11 0x56260062ca29 in _start (/usr/lib/frr/bgpd+0x2e3a29)
>
> 0x6020003a5940 is located 0 bytes to the right of 16-byte region [0x6020003a5930,0x6020003a5940)
> allocated by thread T0 here:
>     #0 0x7f450f6aa1f8 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
>     #1 0x7f450f244f8a in qrealloc lib/memory.c:112
>     #2 0x562600673313 in ecommunity_add_val_internal bgpd/bgp_ecommunity.c:143
>     #3 0x5626006735bc in ecommunity_uniq_sort_internal bgpd/bgp_ecommunity.c:193
>     #4 0x5626006737e3 in ecommunity_parse_internal bgpd/bgp_ecommunity.c:228
>     #5 0x562600673890 in ecommunity_parse bgpd/bgp_ecommunity.c:236
>     #6 0x562600640469 in bgp_attr_ext_communities bgpd/bgp_attr.c:2674
>     #7 0x562600646eb3 in bgp_attr_parse bgpd/bgp_attr.c:3893
>     #8 0x562600791b7e in bgp_update_receive bgpd/bgp_packet.c:2141
>     #9 0x56260079ba6b in bgp_process_packet bgpd/bgp_packet.c:3406
>     #10 0x7f450f327a27 in event_call lib/event.c:1970
>     #11 0x7f450f21a637 in frr_run lib/libfrr.c:1213
>     #12 0x56260062fc04 in main bgpd/bgp_main.c:540
>     #13 0x7f450ee2dd09 in __libc_start_main ../csu/libc-start.c:308

Fixes: dacf6ec120 ("bgpd: utility routine to convert flowspec actions into pbr actions")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
2024-01-04 17:32:01 +01:00
.github github: Mark the build as failed if 'do not merge' label is set 2023-12-22 10:29:52 +02:00
alpine docker: Use openssl instead of libressl 2023-07-31 11:04:30 +03:00
babeld *: convert struct interface->connected to DLIST 2023-11-22 23:00:30 +01:00
bfdd lib: all: remove './' from xpath 22% speedup 2023-11-29 14:37:23 -05:00
bgpd bgpd: fix ecommunity_fill_pbr_action heap-buffer-overflow 2024-01-04 17:32:01 +01:00
debian redhat, debian: Update release notes for 9.1 release 2023-11-27 08:51:59 +02:00
doc Merge pull request #12261 from cscarpitta/srv6-encap-src-addr 2024-01-02 10:37:34 -05:00
docker build: protobuf is required so update building docs 2023-12-31 13:51:21 +00:00
eigrpd lib: all: remove './' from xpath 22% speedup 2023-11-29 14:37:23 -05:00
fpm *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
gdb lib: add simplified native msg support 2023-12-26 08:34:56 -05:00
grpc *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
include bgpd,lib,sharpd,zebra: srv6 introduce multiple segs/SIDs in nexthop 2023-09-20 15:07:15 +02:00
isisd isisd: Fix dislaying LSP ID 2023-12-04 19:41:28 -05:00
ldpd Merge pull request #14867 from opensourcerouting/zclient-options-cleanup 2023-11-25 09:15:07 -05:00
lib Merge pull request #12261 from cscarpitta/srv6-encap-src-addr 2024-01-02 10:37:34 -05:00
m4 build: fix sed regex in Lua macro 2022-12-08 12:39:17 +01:00
mgmtd lib: mgmtd: increase soft-max msg size to 64K 2023-12-30 16:03:45 +00:00
mlag build: fix AM_LDFLAGS usage (and gcov) 2021-07-21 17:10:08 +02:00
nhrpd nhrpd: Cleanup a hash on nhrp shutdown 2023-12-16 09:29:00 -05:00
ospf6d ospf6d: remove hidden obsolete commands 2023-12-08 10:51:39 -03:00
ospfclient *: Convert event.h to frrevent.h 2023-03-24 08:32:17 -04:00
ospfd ospfd: Fix opaque functab leak and opaque AS cleanup problems 2023-12-20 09:43:51 -05:00
pathd pathd: add dynamic candidate path metric [computed] keyword 2024-01-02 12:07:49 +01:00
pbrd pbrd: fix map seq installed flag in json 2023-12-05 11:30:50 -08:00
pceplib *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pimd lib: all: remove './' from xpath 22% speedup 2023-11-29 14:37:23 -05:00
pkgsrc mgmtd: Bringup MGMTD daemon and datastore module support 2023-03-21 22:08:32 -04:00
python zebra: add zebra to mgmtd oper-state 2023-12-28 17:53:40 +00:00
qpb mgmtd: Bringup MGMTD daemon and datastore module support 2023-03-21 22:08:32 -04:00
redhat redhat, debian: Update release notes for 9.1 release 2023-11-27 08:51:59 +02:00
ripd lib: all: remove './' from xpath 22% speedup 2023-11-29 14:37:23 -05:00
ripngd lib: all: remove './' from xpath 22% speedup 2023-11-29 14:37:23 -05:00
sharpd sharpd: fix avoid twice sending NHG_DEL for a nexthop-group 2023-12-05 10:06:12 +01:00
snapcraft snapcraft: Use libyang 2.1.80 2023-07-20 21:46:38 +03:00
staticd lib: fix the ASAN OneDefinitionRule violation. 2023-12-11 19:53:03 -05:00
tests Merge pull request #12261 from cscarpitta/srv6-encap-src-addr 2024-01-02 10:37:34 -05:00
tools tools: Add some more data to support bundles 2023-12-21 10:26:47 -05:00
vrrpd lib: all: remove './' from xpath 22% speedup 2023-11-29 14:37:23 -05:00
vtysh zebra, lib, vtysh: Add CLI cmd to set/unset SRv6 encap source address 2023-12-14 14:58:33 +01:00
watchfrr watchfrr: Extend ignore option to daemon being killed 2023-10-18 14:30:03 -04:00
yang *: Introduce Local Host Routes to FRR 2023-11-01 17:13:06 -04:00
zebra Merge pull request #15055 from opensourcerouting/fix/zebra_ipv6_ll_configured 2024-01-02 10:42:08 -05:00
.clang-format tools: add more libyang iter macros to .clang-format 2023-12-28 17:52:57 +00:00
.dockerignore docker: Make docker image on CentOS 7 2019-11-26 19:29:30 +00:00
.flake8 style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.git-blame-ignore-revs tools: Ignore mass renaming of topotests for git blame 2021-05-11 14:14:26 +03:00
.gitignore doc: configure: add configure option to generate .ccls file 2023-05-18 09:32:32 -04:00
.isort.cfg style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.pylintrc style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.travis.yml lib: libyang2 add missed conversion 2021-05-17 22:13:59 -04:00
bootstrap.sh build: turn on automake warnings (& symlinks) 2021-04-21 15:42:37 +02:00
buildtest.sh *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
config.version.in build: carry --with-pkg-extra-version into tarballs 2018-10-24 15:11:50 +02:00
configure.ac build: protobuf is required so update building docs 2023-12-31 13:51:21 +00:00
COPYING *: sort out & explain licenses used in FRR 2023-02-09 12:46:13 +01:00
Makefile.am build: clean up mgmtd lib protobuf make syntax 2023-03-27 16:44:27 -04:00
README.md doc: Fix the link that points to Slack invitation in README 2022-03-24 13:13:37 +02:00
stamp-h.in Initial revision 2002-12-13 20:15:29 +00:00
version.h build: make builddir include path consistent 2021-04-21 15:42:33 +02:00

Icon

FRRouting

FRR is free software that implements and manages various IPv4 and IPv6 routing protocols. It runs on nearly all distributions of Linux and BSD and supports all modern CPU architectures.

FRR currently supports the following protocols:

  • BGP
  • OSPFv2
  • OSPFv3
  • RIPv1
  • RIPv2
  • RIPng
  • IS-IS
  • PIM-SM/MSDP
  • LDP
  • BFD
  • Babel
  • PBR
  • OpenFabric
  • VRRP
  • EIGRP (alpha)
  • NHRP (alpha)

Installation & Use

For source tarballs, see the releases page.

For Debian and its derivatives, use the APT repository at https://deb.frrouting.org/.

Instructions on building and installing from source for supported platforms may be found in the developer docs.

Once installed, please refer to the user guide for instructions on use.

Community

The FRRouting email list server is located here and offers the following public lists:

Topic List
Development dev@lists.frrouting.org
Users & Operators frog@lists.frrouting.org
Announcements announce@lists.frrouting.org

For chat, we currently use Slack. You can join by clicking the "Slack" link under the Participate section of our website.

Contributing

FRR maintains developer's documentation which contains the project workflow and expectations for contributors. Some technical documentation on project internals is also available.

We welcome and appreciate all contributions, no matter how small!

Security

To report security issues, please use our security mailing list:

security [at] lists.frrouting.org