bgpd: Ensure that bgp open message stream has enough data to read #12247
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If a operator receives an invalid packet that is of insufficient size then it is possible for BGP to assert during reading of the packet instead of gracefully resetting the connection with the peer. Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
@Mergifyio backport stable/8.4 stable/8.3 |
✅ Backports have been created
|
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-8173/ This is a comment from an automated CI system. |
This was referenced Nov 2, 2022
Jafaral
added a commit
that referenced
this pull request
Nov 3, 2022
bgpd: Ensure that bgp open message stream has enough data to read (backport #12247)
Jafaral
added a commit
that referenced
this pull request
Nov 3, 2022
bgpd: Ensure that bgp open message stream has enough data to read (backport #12247)
DavidZagury
added a commit
to DavidZagury/sonic-buildimage
that referenced
this pull request
May 17, 2023
10 tasks
DavidZagury
added a commit
to DavidZagury/sonic-buildimage
that referenced
this pull request
May 17, 2023
10 tasks
qiluo-msft
pushed a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Jun 5, 2023
…VE-2022-40302 (#15262) Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs found in FRR 8.2 #### How I did it Take commit from the FRR repo and created a patch from them
qiluo-msft
pushed a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Jun 19, 2023
…22-40318… (#15263) … CVE-2022-40302 Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs GHSA-x7mf-v6gh-vm4g GHSA-9rqq-99cf-35g5 GHSA-j7hm-p94x-q9pw ##### Work item tracking - Microsoft ADO **(number only)**: 23268946 #### How I did it Added patches from the FRR fix PRs
yxieca
pushed a commit
to yxieca/sonic-buildimage
that referenced
this pull request
Jun 19, 2023
…22-40318… (sonic-net#15263) … CVE-2022-40302 Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs GHSA-x7mf-v6gh-vm4g GHSA-9rqq-99cf-35g5 GHSA-j7hm-p94x-q9pw ##### Work item tracking - Microsoft ADO **(number only)**: 23268946 #### How I did it Added patches from the FRR fix PRs
11 tasks
yxieca
added a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Jun 20, 2023
…22-40318… (#15263) (#15537) … CVE-2022-40302 Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs GHSA-x7mf-v6gh-vm4g GHSA-9rqq-99cf-35g5 GHSA-j7hm-p94x-q9pw ##### Work item tracking - Microsoft ADO **(number only)**: 23268946 #### How I did it Added patches from the FRR fix PRs Co-authored-by: DavidZagury <32644413+DavidZagury@users.noreply.github.com>
sonic-otn
pushed a commit
to sonic-otn/sonic-buildimage
that referenced
this pull request
Sep 20, 2023
…VE-2022-40302 (sonic-net#15262) Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs found in FRR 8.2 #### How I did it Take commit from the FRR repo and created a patch from them
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If a operator receives an invalid packet that is of insufficient size then it is possible for BGP to assert during reading of the packet instead of gracefully resetting the connection with the peer.
Signed-off-by: Donald Sharp sharpd@nvidia.com