bgpd: Ensure that bgp open message stream has enough data to read #12247
If an operator receives an invalid packet that is of insufficient size then it is possible for BGP to assert during reading of the packet instead of gracefully resetting the connection with the peer.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>
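The failure mode the description names, shown as an added example that is not code from this PR or from FRR: a parser for the RFC 4271 OPEN body that checks the octets remaining before every read and returns an error the caller can answer by resetting the session. All identifiers and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* All names here are hypothetical, chosen for this example; none are FRR identifiers. */
enum open_result { OPEN_OK = 0, OPEN_TRUNCATED = -1, OPEN_BAD_OPT_LEN = -2 };

struct bgp_open {
    uint8_t version;
    uint16_t my_as, hold_time;
    uint32_t bgp_id;
    unsigned n_params; /* optional parameters walked */
};

#define OPEN_FIXED_LEN 10 /* RFC 4271 OPEN body up to and including Opt Parm Len */

/* Parse an OPEN body (the octets after the 19-octet BGP header). Each read is
 * preceded by a check on the octets remaining, so a short packet yields an error. */
enum open_result parse_open(const uint8_t *p, size_t len, struct bgp_open *o)
{
    if (len < OPEN_FIXED_LEN)
        return OPEN_TRUNCATED;
    o->version = p[0];
    o->my_as = (uint16_t)(p[1] << 8 | p[2]);
    o->hold_time = (uint16_t)(p[3] << 8 | p[4]);
    o->bgp_id = (uint32_t)p[5] << 24 | (uint32_t)p[6] << 16 | (uint32_t)p[7] << 8 | p[8];
    o->n_params = 0;
    if ((size_t)p[9] != len - OPEN_FIXED_LEN) /* declared vs. actual length */
        return OPEN_BAD_OPT_LEN;
    for (size_t off = OPEN_FIXED_LEN; off < len; o->n_params++) {
        if (len - off < 2) /* need Parm Type and Parm Length octets */
            return OPEN_TRUNCATED;
        size_t plen = p[off + 1];
        if (plen > len - off - 2) /* value would run past the end */
            return OPEN_TRUNCATED;
        off += 2 + plen;
    }
    return OPEN_OK;
}

/* Constructed samples: AS 65000, hold time 180, identifier 192.0.2.1. */
static const uint8_t sample_ok[] = {4, 0xfd, 0xe8, 0, 180, 192, 0, 2, 1, 4, 2, 2, 2, 0};
static const uint8_t sample_short_opts[] = {4, 0xfd, 0xe8, 0, 180, 192, 0, 2, 1, 4, 2, 2};
static const uint8_t sample_bad_parm[] = {4, 0xfd, 0xe8, 0, 180, 192, 0, 2, 1, 4, 2, 9, 2, 0};

int main(void)
{
    struct bgp_open o; /* exit status 0 when all three samples classify as expected */
    return parse_open(sample_ok, sizeof sample_ok, &o) != OPEN_OK ||
           parse_open(sample_short_opts, sizeof sample_short_opts, &o) != OPEN_BAD_OPT_LEN ||
           parse_open(sample_bad_parm, sizeof sample_bad_parm, &o) != OPEN_TRUNCATED;
}
```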
@Mergifyio backport stable/8.4 stable/8.3
✅ Backports have been created
LGTM
Continuous Integration Result: SUCCESSFUL

Congratulations, this patch passed basic tests

Tested-by: NetDEF / OpenSourceRouting.org CI System

CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-8173/

This is a comment from an automated CI system.
bgpd: Ensure that bgp open message stream has enough data to read (backport #12247)
…VE-2022-40302 (#15262) Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs found in FRR 8.2 #### How I did it Take commit from the FRR repo and created a patch from them
…22-40318… (#15263) … CVE-2022-40302 Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs GHSA-x7mf-v6gh-vm4g GHSA-9rqq-99cf-35g5 GHSA-j7hm-p94x-q9pw ##### Work item tracking - Microsoft ADO **(number only)**: 23268946 #### How I did it Added patches from the FRR fix PRs
…22-40318… (sonic-net#15263) … CVE-2022-40302 Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs GHSA-x7mf-v6gh-vm4g GHSA-9rqq-99cf-35g5 GHSA-j7hm-p94x-q9pw ##### Work item tracking - Microsoft ADO **(number only)**: 23268946 #### How I did it Added patches from the FRR fix PRs
…22-40318… (#15263) (#15537) … CVE-2022-40302 Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs GHSA-x7mf-v6gh-vm4g GHSA-9rqq-99cf-35g5 GHSA-j7hm-p94x-q9pw ##### Work item tracking - Microsoft ADO **(number only)**: 23268946 #### How I did it Added patches from the FRR fix PRs Co-authored-by: DavidZagury <32644413+DavidZagury@users.noreply.github.com>
…VE-2022-40302 (sonic-net#15262) Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs found in FRR 8.2 #### How I did it Take commit from the FRR repo and created a patch from them