diff options
Diffstat (limited to 'meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch')
-rw-r--r-- | meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch b/meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch deleted file mode 100644 index 0ec02dc861..0000000000 --- a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 5e728e929942d39ce5a4ab3d01c33f7b688c4e3f Mon Sep 17 00:00:00 2001 -From: David Lamparter <equinox@opensourcerouting.org> -Date: Wed, 23 Jan 2013 05:50:24 +0100 -Subject: [PATCH] bgpd: relax ORF capability length handling - -Upstream-Status: Backport - -commit fe9bb64... "bgpd: CVE-2012-1820, DoS in bgp_capability_orf()" -made the length test in bgp_capability_orf_entry() stricter and is now -causing us to refuse (with CEASE) ORF capabilites carrying any excess -data. This does not conform to the robustness principle as laid out by -RFC1122 ("be liberal in what you accept"). - -Even worse, RFC5291 is quite unclear on how to use the ORF capability -with multiple AFI/SAFIs. It can be interpreted as either "use one -instance, stuff everything in" but also as "use multiple instances". -So, if not for applying robustness, we end up clearing sessions from -implementations going by the former interpretation. (or if anyone dares -add a byte of padding...) - -Cc: Denis Ovsienko <infrastation@yandex.ru> -Signed-off-by: David Lamparter <equinox@opensourcerouting.org> ---- - bgpd/bgp_open.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c -index af711cc..7bf3501 100644 ---- a/bgpd/bgp_open.c -+++ b/bgpd/bgp_open.c -@@ -230,7 +230,7 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr) - } - - /* validate number field */ -- if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length) -+ if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length) - { - zlog_info ("%s ORF Capability entry length error," - " Cap length %u, num %u", --- -1.7.5.4 - |