From 715893e5ffcce8d32f096c93dd36f345e52c17a7 Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Mon, 21 Apr 2014 14:24:50 +0800
Subject: quagga: fix CVE-2013-6051

Backport patch to fix CVE-2013-6051.

Signed-off-by: Hu <yadi.hu@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
---
 .../quagga/files/quagga-fix-CVE-2013-6051.patch    | 29 ++++++++++++++++++++++
 .../recipes-protocols/quagga/quagga.inc            |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch

(limited to 'meta-networking/recipes-protocols')

diff --git a/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
new file mode 100644
index 0000000000..fde9e0ca81
--- /dev/null
+++ b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
@@ -0,0 +1,29 @@
+
+From 8794e8d229dc9fe29ea31424883433d4880ef408
+From: Paul Jakma <paul@quagga.net>
+Date: Mon, 13 Feb 2012 13:53:07 +0000
+Subject: bgpd: Fix regression in args consolidation, total should be inited from args
+
+bgpd: Fix regression in args consolidation, total should be inited from args
+
+* bgp_attr.c: (bgp_attr_unknown) total should be initialised from the args.
+
+Upstream-Status: Backport
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 65af824..839f64d 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+
+@@ -1646,7 +1646,7 @@
+ static bgp_attr_parse_ret_t
+ bgp_attr_unknown (struct bgp_attr_parser_args *args)
+ {
+-  bgp_size_t total;
++  bgp_size_t total = args->total;
+   struct transit *transit;
+   struct attr_extra *attre;
+   struct peer *const peer = args->peer; 
diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc
index f043725be8..60baab8011 100644
--- a/meta-networking/recipes-protocols/quagga/quagga.inc
+++ b/meta-networking/recipes-protocols/quagga/quagga.inc
@@ -26,6 +26,7 @@ QUAGGASUBDIR = ""
 SRC_URI = "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz;name=quagga-${PV} \
            file://fix-for-lib-inpath.patch \
            file://quagga-0.99.17-libcap.patch \
+           file://quagga-fix-CVE-2013-6051.patch \
            file://Zebra-sync-zebra-routing-table-with-the-kernel-one.patch \
            file://quagga.init \
            file://quagga.default \
-- 
cgit 1.2.3-korg