David Lamparter 6a98e6a916 zebra: stack overrun in IPv6 RA receive code (CVE ##TBA##)
The IPv6 RA code also receives ICMPv6 RS and RA messages.
Unfortunately, by bad coding practice, the buffer size specified on
receiving such messages mixed up 2 constants that in fact have different
values.

The code itself has:
 #define RTADV_MSG_SIZE 4096
While BUFSIZ is system-dependent, in my case (x86_64 glibc):
 /usr/include/_G_config.h:#define _G_BUFSIZ 8192
 /usr/include/libio.h:#define _IO_BUFSIZ _G_BUFSIZ
 /usr/include/stdio.h:# define BUFSIZ _IO_BUFSIZ

As the latter is passed to the kernel on recvmsg(), it's possible to
overwrite 4kB of stack -- with ICMPv6 packets that can be globally sent
to any of the system's addresses (using fragmentation to get to 8k).

(The socket has filters installed limiting this to RS and RA packets,
but does not have a filter for source address or TTL.)

Issue discovered by trying to test other stuff, which randomly caused
the stack to be smaller than 8kB in that code location, which then
causes the kernel to report EFAULT (Bad address).

Ticket: CM-12687
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
2016-08-31 09:37:07 -04:00
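Added illustration (not Quagga's code and not part of the commit above): the bounded receive pattern the commit message argues for, where the iovec length is the buffer's own size rather than an unrelated constant like BUFSIZ, so a datagram larger than the 4 kB buffer is truncated by the kernel instead of overrunning the stack. A local socketpair stands in for the ICMPv6 socket; the helper names and the payload are constructed for this example.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Same value as the constant quoted in the commit message: a 4 kB buffer. */
#define RTADV_MSG_SIZE 4096

/* Hypothetical receive helper (not Quagga's own code).  iov_len is the
 * buffer's real size, so recvmsg() cannot write past it.  Returns bytes
 * delivered into buf or -1; *truncated is set if the datagram did not fit. */
static ssize_t recv_bounded(int fd, unsigned char *buf, size_t buflen,
                            int *truncated)
{
    struct iovec iov = { .iov_base = buf, .iov_len = buflen };
    struct msghdr msg;
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    *truncated = (msg.msg_flags & MSG_TRUNC) != 0;
    return n;
}

/* Feed recv_bounded() a constructed datagram of pktlen bytes over a local
 * socketpair.  Stores the received length in *got; returns the truncation
 * flag, or -1 on error. */
static int run_receive(size_t pktlen, ssize_t *got)
{
    static unsigned char pkt[2 * RTADV_MSG_SIZE]; /* constructed payload */
    unsigned char buf[RTADV_MSG_SIZE];
    int sv[2], truncated = -1;
    *got = -1;
    if (pktlen > sizeof(pkt) || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    memset(pkt, 0x86, pktlen); /* 0x86 = ICMPv6 RA type byte, cosmetic only */
    if (send(sv[0], pkt, pktlen, 0) == (ssize_t)pktlen)
        *got = recv_bounded(sv[1], buf, sizeof(buf), &truncated);
    close(sv[0]);
    close(sv[1]);
    return *got < 0 ? -1 : truncated;
}

/* Bytes copied into the 4 kB buffer, and whether the kernel truncated. */
ssize_t received_len(size_t pktlen) { ssize_t g; run_receive(pktlen, &g); return g; }
int received_truncated(size_t pktlen) { ssize_t g; return run_receive(pktlen, &g); }
```

With an 8 kB datagram (the size the commit message says fragmentation can reach) the buffer receives exactly RTADV_MSG_SIZE bytes and MSG_TRUNC is reported, which is the behaviour a sized receive should have.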
bgpd bgpd: Add fix for multiple set commands with prefer-global 2016-08-30 08:59:08 -04:00
cumulus bgpd: Fix for CM-11777 Need Quagga.conf created at quagga install 2016-08-16 16:27:34 -07:00
debian Fix changelog to add maintainer info, build fails without it 2016-08-04 09:08:37 -07:00
doc doc: Add quagga.1 to the distribution 2016-06-14 15:17:03 -04:00
fpm fpm: Add public header for Forwarding Plane Manager 2012-11-30 21:41:17 +01:00
gdb gdb: Add a directory of files with gdb macros 2016-05-26 15:33:30 +00:00
init build: delete .cvsignore files 2011-12-13 14:27:01 +04:00
isisd isisd: warn if there is an MTU issue on circuits 2016-08-19 13:33:59 -04:00
lib Fix for CM-12450 Ensure quagga logs at startup are sent to syslog (until log configuration is processed) 2016-08-17 19:36:54 -07:00
m4 build: fix "pragma weak" mixups 2013-02-09 03:00:12 +01:00
ospf6d Fix for CM-12450 Ensure quagga logs at startup are sent to syslog (until log configuration is processed) 2016-08-17 19:36:54 -07:00
ospfclient *: get rid of "MTYPE 0" 2016-07-28 07:27:48 -04:00
ospfd Fix for CM-12450 Ensure quagga logs at startup are sent to syslog (until log configuration is processed) 2016-08-17 19:36:54 -07:00
pimd Fix for CM-12450 Ensure quagga logs at startup are sent to syslog (until log configuration is processed) 2016-08-17 19:36:54 -07:00
pkgsrc build: delete .cvsignore files 2011-12-13 14:27:01 +04:00
ports pimd: merge pimd as of 2015-01-19 2016-05-25 20:38:32 -04:00
redhat Merge remote-tracking branch 'origin/cmaster' into cmaster-next 2016-07-12 20:24:00 -04:00
ripd Fix for CM-12450 Ensure quagga logs at startup are sent to syslog (until log configuration is processed) 2016-08-17 19:36:54 -07:00
ripngd Fix for CM-12450 Ensure quagga logs at startup are sent to syslog (until log configuration is processed) 2016-08-17 19:36:54 -07:00
solaris solaris: fix SMF manifest dependency model and start method 2016-05-26 15:25:13 +00:00
tests tests: update testcli reference output 2016-07-24 03:49:35 -04:00
tools quagga-reload.py should not restart quagga if bgp ASN changes 2016-08-18 18:03:46 +00:00
vtysh vtysh --markfile needs to ignore the "end" lines 2016-08-18 17:47:01 +00:00
watchquagga Fix for CM-12450 Ensure quagga logs at startup are sent to syslog (until log configuration is processed) 2016-08-17 19:36:54 -07:00
zebra zebra: stack overrun in IPv6 RA receive code (CVE ##TBA##) 2016-08-31 09:37:07 -04:00
.gitignore git: add (generated) cscope files to .gitignore 2015-09-22 11:54:09 -07:00
AUTHORS Initial revision 2002-12-13 20:15:29 +00:00
bootstrap.sh autoreconf -i 2007-02-06 19:28:28 +00:00
buildtest.sh build: remove --disable-ipv6 2016-06-03 15:51:36 -04:00
ChangeLog [trivia] Make 'make dist' happy about ChangeLog expunge 2008-08-23 08:36:42 +01:00
configure.ac quagga: Set version strings appropriately 2016-08-02 04:54:45 -04:00
COPYING *: nuke ^L (page feed) 2014-06-04 06:58:02 +02:00
COPYING.LIB *: nuke ^L (page feed) 2014-06-04 06:58:02 +02:00
HACKING.md HACKING: Change format to MarkDown 2016-05-26 15:33:32 +00:00
HACKING.pending HACKING.pending: Add Quagga-RE details 2012-03-02 11:56:38 +00:00
INSTALL.quagga.txt build: improve backtrace support/detection 2014-04-01 17:20:44 +02:00
Makefile.am quagga: Modify code to build properly in tools and cumulus 2016-06-15 07:36:41 -04:00
NEWS release: 0.99.24 2016-06-03 15:56:44 -04:00
README 2004-11-12 Paul Jakma <paul@dishone.st> 2004-11-12 10:30:21 +00:00
README.NetBSD Omit --opaque-lsa from build (now default). 2011-06-28 15:05:05 -04:00
REPORTING-BUGS Update for git and emphasize asking for good reports. 2010-05-05 07:51:26 -04:00
SERVICES pimd: merge pimd as of 2015-01-19 2016-05-25 20:38:32 -04:00
stamp-h.in Initial revision 2002-12-13 20:15:29 +00:00
TODO doc: update TODO for ospf6d work & bgp multipath 2013-04-16 11:56:11 +02:00
update-autotools * README.NetBSD: use update-autotools instead of autoreconf 2007-02-02 16:52:38 +00:00

Quagga is free software that manages various IPv4 and IPv6 routing
protocols.

Currently Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1,
RIPv2, and RIPng as well as very early support for IS-IS.

See the file INSTALL.quagga.txt for building and installation instructions.

See the file REPORTING-BUGS to report bugs.

Quagga is free software. See the file COPYING for copying conditions.