From 9ecacf2176d2bac4b90e17d49facb8712c1b467a Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Sun, 20 Aug 2023 22:15:27 +0300
Subject: [PATCH 2/2] bgpd: Don't read the first byte of ORF header if we are
ahead of stream
Reported-by: Iggy Frankovic iggyfran@amazon.com
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702]
CVE: CVE-2023-41360
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
bgpd/bgp_packet.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index 3c2e73c59..f1d0e54c0 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -2375,7 +2375,8 @@ static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
* and 7 bytes of ORF Address-filter entry from
* the stream
*/
- if (*p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
+ if (p_pnt < p_end &&
+ *p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
if (bgp_debug_neighbor_events(peer))
zlog_debug(
"%pBP rcvd Remove-All pfxlist ORF request",
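Review bot: The added condition mixes `&&` with an unparenthesized `&`; precedence makes it evaluate as intended, but in a bounds check on data read from a peer's message I would write `if (p_pnt < p_end && (*p_pnt & ORF_COMMON_PART_REMOVE_ALL)) {` so the guard and the flag test read as two separate operands. A one-line comment above it, such as `/* the ORF entry list may be empty: never dereference p_pnt at or past p_end */`, would record why the check exists. When `p_pnt >= p_end` control now goes to whatever follows this `if`, which is not visible here, so it is worth confirming that this path also avoids reading through `p_pnt` and that an empty entry list is either accepted on purpose or logged as malformed. The body of `bgp_route_refresh_receive` starts and ends outside the hunk.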
--
2.35.5