Mailinglist Archive: opensuse-commit (754 mails)

< Previous Next >
commit quagga for openSUSE:Factory
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Thu, 07 May 2009 17:50:03 +0200
  • Message-id: <20090507155003.A381D67816B@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package quagga for openSUSE:Factory
checked in at Thu May 7 17:50:03 CEST 2009.



--------
--- quagga/quagga.changes 2009-01-19 14:13:54.000000000 +0100
+++ /mounts/work_src_done/STABLE/quagga/quagga.changes 2009-05-07
14:17:32.000000000 +0200
@@ -1,0 +2,6 @@
+Thu May 7 14:16:16 CEST 2009 - prusnak@xxxxxxx
+
+- fixed crash (DoS) in BGP daemon via an ASN elements
+ (bgpd-asn-dos.patch) [bnc#500540]
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
quagga-0.99.11-bgpd-asn-dos.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ quagga.spec ++++++
--- /var/tmp/diff_new_pack.hq6810/_old 2009-05-07 17:48:41.000000000 +0200
+++ /var/tmp/diff_new_pack.hq6810/_new 2009-05-07 17:48:41.000000000 +0200
@@ -21,7 +21,7 @@
Name: quagga
BuildRequires: net-snmp-devel pam-devel readline-devel
Version: 0.99.11
-Release: 1
+Release: 2
PreReq: %insserv_prereq %fillup_prereq
PreReq: %install_info_prereq
# pwdutils for useradd and groupadd
@@ -35,7 +35,8 @@
Summary: Free Routing Software (for BGP, OSPF and RIP, for example)
Source: %{name}-%{version}.tar.bz2
Source1: %{name}-SUSE.tar.bz2
-Source2: quagga.pam
+Source2: %{name}.pam
+Patch0: %{name}-%{version}-bgpd-asn-dos.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build

%description
@@ -84,6 +85,7 @@

%prep
%setup -q -a 1
+%patch0

%build
if ! ls /proc/net/{dev,route,snmp} >/dev/null; then
@@ -177,6 +179,9 @@
%{_includedir}/%{name}/ospfd/*.h

%changelog
+* Thu May 07 2009 prusnak@xxxxxxx
+- fixed crash (DoS) in BGP daemon via an ASN elements
+ (bgpd-asn-dos.patch) [bnc#500540]
* Mon Jan 19 2009 prusnak@xxxxxxx
- updated to 0.99.11
* bgpd:

++++++ quagga-0.99.11-bgpd-asn-dos.patch ++++++
--- bgpd/bgp_aspath.c
+++ bgpd/bgp_aspath.c
@@ -393,25 +393,6 @@ aspath_delimiter_char (u_char type, u_ch
return ' ';
}

-/* countup asns from this segment and index onward */
-static int
-assegment_count_asns (struct assegment *seg, int from)
-{
- int count = 0;
- while (seg)
- {
- if (!from)
- count += seg->length;
- else
- {
- count += (seg->length - from);
- from = 0;
- }
- seg = seg->next;
- }
- return count;
-}
-
unsigned int
aspath_count_confeds (struct aspath *aspath)
{
@@ -521,6 +502,21 @@ aspath_count_numas (struct aspath *aspat
return num;
}

+static void
+aspath_make_str_big_enough (int len,
+ char **str_buf,
+ int *str_size,
+ int count_to_be_added)
+{
+#define TERMINATOR 1
+ while (len + count_to_be_added + TERMINATOR > *str_size)
+ {
+ *str_size *= 2;
+ *str_buf = XREALLOC (MTYPE_AS_STR, *str_buf, *str_size);
+ }
+#undef TERMINATOR
+}
+
/* Convert aspath structure to string expression. */
static char *
aspath_make_str_count (struct aspath *as)
@@ -540,18 +536,7 @@ aspath_make_str_count (struct aspath *as

seg = as->segments;

- /* ASN takes 5 chars at least, plus seperator, see below.
- * If there is one differing segment type, we need an additional
- * 2 chars for segment delimiters, and the final '\0'.
- * Hopefully this is large enough to avoid hitting the realloc
- * code below for most common sequences.
- *
- * With 32bit ASNs, this range will increase, but only worth changing
- * once there are significant numbers of ASN >= 100000
- */
-#define ASN_STR_LEN (5 + 1)
- str_size = MAX (assegment_count_asns (seg, 0) * ASN_STR_LEN + 2 + 1,
- ASPATH_STR_DEFAULT_LEN);
+ str_size = ASPATH_STR_DEFAULT_LEN;
str_buf = XMALLOC (MTYPE_AS_STR, str_size);

while (seg)
@@ -575,32 +560,24 @@ aspath_make_str_count (struct aspath *as
return NULL;
}

- /* We might need to increase str_buf, particularly if path has
- * differing segments types, our initial guesstimate above will
- * have been wrong. need 5 chars for ASN, a seperator each and
- * potentially two segment delimiters, plus a space between each
- * segment and trailing zero.
- *
- * This may need to revised if/when significant numbers of
- * ASNs >= 100000 are assigned and in-use on the internet...
- */
-#define SEGMENT_STR_LEN(X) (((X)->length * ASN_STR_LEN) + 2 + 1 + 1)
- if ( (len + SEGMENT_STR_LEN(seg)) > str_size)
- {
- str_size = len + SEGMENT_STR_LEN(seg);
- str_buf = XREALLOC (MTYPE_AS_STR, str_buf, str_size);
- }
-#undef ASN_STR_LEN
-#undef SEGMENT_STR_LEN
-
if (seg->type != AS_SEQUENCE)
- len += snprintf (str_buf + len, str_size - len,
- "%c",
- aspath_delimiter_char (seg->type, AS_SEG_START));
+ {
+ aspath_make_str_big_enough (len, &str_buf, &str_size, 1); /* %c */
+ len += snprintf (str_buf + len, str_size - len,
+ "%c",
+ aspath_delimiter_char (seg->type, AS_SEG_START));
+ }

/* write out the ASNs, with their seperators, bar the last one*/
for (i = 0; i < seg->length; i++)
{
+#define APPROX_DIG_CNT(x) (x < 100000U ? 5 : 10)
+ /* %u + %c + %c + " " (last two are below loop) */
+ aspath_make_str_big_enough (len,
+ &str_buf,
+ &str_size,
+ APPROX_DIG_CNT(seg->as[i]) + 1 + 1 + 1);
+
len += snprintf (str_buf + len, str_size - len, "%u", seg->as[i]);

if (i < (seg->length - 1))
@@ -1771,8 +1748,9 @@ aspath_key_make (void *p)
static int
aspath_cmp (const void *arg1, const void *arg2)
{
- const struct assegment *seg1 = ((struct aspath *)arg1)->segments;
- const struct assegment *seg2 = ((struct aspath *)arg2)->segments;
+ const struct assegment *seg1 = ((const struct aspath *)arg1)->segments;
+ const struct assegment *seg2 = ((const struct aspath *)arg2)->segments;
+

while (seg1 || seg2)
{
--- bgpd/bgp_attr.c
+++ bgpd/bgp_attr.c
@@ -857,7 +857,7 @@ static int bgp_attr_aspath_check( struct
&& ! aspath_firstas_check (attr->aspath, peer->as))
{
zlog (peer->log, LOG_ERR,
- "%s incorrect first AS (must be %d)", peer->host, peer->as);
+ "%s incorrect first AS (must be %u)", peer->host, peer->as);
bgp_notify_send (peer,
BGP_NOTIFY_UPDATE_ERR,
BGP_NOTIFY_UPDATE_MAL_AS_PATH);
--- bgpd/bgp_community.c
+++ bgpd/bgp_community.c
@@ -282,7 +282,7 @@ community_com2str (struct community *co
default:
as = (comval >> 16) & 0xFFFF;
val = comval & 0xFFFF;
- sprintf (pnt, "%d:%d", as, val);
+ sprintf (pnt, "%u:%d", as, val);
pnt += strlen (pnt);
break;
}
--- bgpd/bgpd.c
+++ bgpd/bgpd.c
@@ -4512,13 +4512,13 @@ bgp_config_write_peer (struct vty *vty,
vty_out (vty, " neighbor %s peer-group%s", addr,
VTY_NEWLINE);
if (peer->as)
- vty_out (vty, " neighbor %s remote-as %d%s", addr, peer->as,
+ vty_out (vty, " neighbor %s remote-as %u%s", addr, peer->as,
VTY_NEWLINE);
}
else
{
if (! g_peer->as)
- vty_out (vty, " neighbor %s remote-as %d%s", addr, peer->as,
+ vty_out (vty, " neighbor %s remote-as %u%s", addr, peer->as,
VTY_NEWLINE);
if (peer->af_group[AFI_IP][SAFI_UNICAST])
vty_out (vty, " neighbor %s peer-group %s%s", addr,
@@ -4528,7 +4528,7 @@ bgp_config_write_peer (struct vty *vty,
/* local-as. */
if (peer->change_local_as)
if (! peer_group_active (peer))
- vty_out (vty, " neighbor %s local-as %d%s%s", addr,
+ vty_out (vty, " neighbor %s local-as %u%s%s", addr,
peer->change_local_as,
CHECK_FLAG (peer->flags, PEER_FLAG_LOCAL_AS_NO_PREPEND) ?
" no-prepend" : "", VTY_NEWLINE);
@@ -4917,7 +4917,7 @@ bgp_config_write (struct vty *vty)
vty_out (vty, "!%s", VTY_NEWLINE);

/* Router bgp ASN */
- vty_out (vty, "router bgp %d", bgp->as);
+ vty_out (vty, "router bgp %u", bgp->as);

if (bgp_option_check (BGP_OPT_MULTIPLE_INSTANCE))
{
@@ -4978,7 +4978,7 @@ bgp_config_write (struct vty *vty)
vty_out (vty, " bgp confederation peers");

for (i = 0; i < bgp->confed_peers_cnt; i++)
- vty_out(vty, " %d", bgp->confed_peers[i]);
+ vty_out(vty, " %u", bgp->confed_peers[i]);

vty_out (vty, "%s", VTY_NEWLINE);
}
--- bgpd/bgp_debug.c
+++ bgpd/bgp_debug.c
@@ -205,7 +205,7 @@ bgp_dump_attr (struct peer *peer, struct
snprintf (buf + strlen (buf), size - strlen (buf), ", atomic-aggregate");

if (CHECK_FLAG (attr->flag, ATTR_FLAG_BIT (BGP_ATTR_AGGREGATOR)))
- snprintf (buf + strlen (buf), size - strlen (buf), ", aggregated by %d %s",
+ snprintf (buf + strlen (buf), size - strlen (buf), ", aggregated by %u %s",
attr->extra->aggregator_as,
inet_ntoa (attr->extra->aggregator_addr));

--- bgpd/bgp_ecommunity.c
+++ bgpd/bgp_ecommunity.c
@@ -673,7 +673,7 @@ ecommunity_ecom2str (struct ecommunity *
eas.val = (*pnt++ << 8);
eas.val |= (*pnt++);

- len = sprintf( str_buf + str_pnt, "%s%d:%d", prefix,
+ len = sprintf( str_buf + str_pnt, "%s%u:%d", prefix,
eas.as, eas.val );
str_pnt += len;
first = 0;
@@ -688,7 +688,7 @@ ecommunity_ecom2str (struct ecommunity *
eas.val |= (*pnt++ << 8);
eas.val |= (*pnt++);

- len = sprintf (str_buf + str_pnt, "%s%d:%d", prefix,
+ len = sprintf (str_buf + str_pnt, "%s%u:%d", prefix,
eas.as, eas.val);
str_pnt += len;
first = 0;
--- bgpd/bgp_mplsvpn.c
+++ bgpd/bgp_mplsvpn.c
@@ -265,7 +265,7 @@ prefix_rd2str (struct prefix_rd *prd, ch
if (type == RD_TYPE_AS)
{
decode_rd_as (pnt + 2, &rd_as);
- snprintf (buf, size, "%d:%d", rd_as.as, rd_as.val);
+ snprintf (buf, size, "%u:%d", rd_as.as, rd_as.val);
return buf;
}
else if (type == RD_TYPE_IP)
@@ -371,7 +371,7 @@ show_adj_route_vpn (struct vty *vty, str
vty_out (vty, "Route Distinguisher: ");

if (type == RD_TYPE_AS)
- vty_out (vty, "%d:%d", rd_as.as, rd_as.val);
+ vty_out (vty, "%u:%d", rd_as.as, rd_as.val);
else if (type == RD_TYPE_IP)
vty_out (vty, "%s:%d", inet_ntoa (rd_ip.ip), rd_ip.val);

@@ -478,7 +478,7 @@ bgp_show_mpls_vpn (struct vty *vty, stru
vty_out (vty, "Route Distinguisher: ");

if (type == RD_TYPE_AS)
- vty_out (vty, "%d:%d", rd_as.as, rd_as.val);
+ vty_out (vty, "%u:%d", rd_as.as, rd_as.val);
else if (type == RD_TYPE_IP)
vty_out (vty, "%s:%d", inet_ntoa (rd_ip.ip), rd_ip.val);

--- bgpd/bgp_packet.c
+++ bgpd/bgp_packet.c
@@ -813,7 +813,7 @@ bgp_open_send (struct peer *peer)
length = bgp_packet_set_size (s);

if (BGP_DEBUG (normal, NORMAL))
- zlog_debug ("%s sending OPEN, version %d, my as %d, holdtime %d, id %s",
+ zlog_debug ("%s sending OPEN, version %d, my as %u, holdtime %d, id %s",
peer->host, BGP_VERSION_4, local_as,
send_holdtime, inet_ntoa (peer->local_id));

@@ -1184,7 +1184,7 @@ bgp_open_receive (struct peer *peer, bgp

/* Receive OPEN message log */
if (BGP_DEBUG (normal, NORMAL))
- zlog_debug ("%s rcv OPEN, version %d, remote-as (in open) %d,"
+ zlog_debug ("%s rcv OPEN, version %d, remote-as (in open) %u,"
" holdtime %d, id %s",
peer->host, version, remote_as, holdtime,
inet_ntoa (remote_id));
@@ -1277,7 +1277,7 @@ bgp_open_receive (struct peer *peer, bgp
else
{
if (BGP_DEBUG (normal, NORMAL))
- zlog_debug ("%s bad OPEN, remote AS is %d, expected %d",
+ zlog_debug ("%s bad OPEN, remote AS is %u, expected %u",
peer->host, remote_as, peer->as);
bgp_notify_send_with_data (peer, BGP_NOTIFY_OPEN_ERR,
BGP_NOTIFY_OPEN_BAD_PEER_AS,
@@ -1430,7 +1430,7 @@ bgp_open_receive (struct peer *peer, bgp
if (remote_as != peer->as)
{
if (BGP_DEBUG (normal, NORMAL))
- zlog_debug ("%s bad OPEN, remote AS is %d, expected %d",
+ zlog_debug ("%s bad OPEN, remote AS is %u, expected %u",
peer->host, remote_as, peer->as);
bgp_notify_send_with_data (peer,
BGP_NOTIFY_OPEN_ERR,
--- bgpd/bgp_route.c
+++ bgpd/bgp_route.c
@@ -834,7 +834,7 @@ bgp_announce_check (struct bgp_info *ri,
{
if (BGP_DEBUG (filter, FILTER))
zlog (peer->log, LOG_DEBUG,
- "%s [Update:SEND] suppress announcement to peer AS %d is AS
path.",
+ "%s [Update:SEND] suppress announcement to peer AS %u is AS
path.",
peer->host, peer->as);
return 0;
}
@@ -847,7 +847,7 @@ bgp_announce_check (struct bgp_info *ri,
{
if (BGP_DEBUG (filter, FILTER))
zlog (peer->log, LOG_DEBUG,
- "%s [Update:SEND] suppress announcement to peer AS %d is AS
path.",
+ "%s [Update:SEND] suppress announcement to peer AS %u is AS
path.",
peer->host,
bgp->confed_id);
return 0;
@@ -1163,7 +1163,7 @@ bgp_announce_check_rsclient (struct bgp_
{
if (BGP_DEBUG (filter, FILTER))
zlog (rsclient->log, LOG_DEBUG,
- "%s [Update:SEND] suppress announcement to peer AS %d is AS
path.",
+ "%s [Update:SEND] suppress announcement to peer AS %u is AS
path.",
rsclient->host, rsclient->as);
return 0;
}
@@ -5956,7 +5956,7 @@ route_vty_out_detail (struct vty *vty, s
if (CHECK_FLAG (binfo->flags, BGP_INFO_STALE))
vty_out (vty, ", (stale)");
if (CHECK_FLAG (attr->flag, ATTR_FLAG_BIT (BGP_ATTR_AGGREGATOR)))
- vty_out (vty, ", (aggregated by %d %s)",
+ vty_out (vty, ", (aggregated by %u %s)",
attr->extra->aggregator_as,
inet_ntoa (attr->extra->aggregator_addr));
if (CHECK_FLAG (binfo->peer->af_flags[afi][safi],
PEER_FLAG_REFLECTOR_CLIENT))
--- bgpd/bgp_vty.c
+++ bgpd/bgp_vty.c
@@ -334,11 +334,11 @@ DEFUN (router_bgp,
VTY_NEWLINE);
return CMD_WARNING;
case BGP_ERR_AS_MISMATCH:
- vty_out (vty, "BGP is already running; AS is %d%s", as, VTY_NEWLINE);
+ vty_out (vty, "BGP is already running; AS is %u%s", as, VTY_NEWLINE);
return CMD_WARNING;
case BGP_ERR_INSTANCE_MISMATCH:
vty_out (vty, "BGP view name and AS number mismatch%s", VTY_NEWLINE);
- vty_out (vty, "BGP instance is already running; AS is %d%s",
+ vty_out (vty, "BGP instance is already running; AS is %u%s",
as, VTY_NEWLINE);
return CMD_WARNING;
}
@@ -1280,10 +1280,10 @@ peer_remote_as_vty (struct vty *vty, con
switch (ret)
{
case BGP_ERR_PEER_GROUP_MEMBER:
- vty_out (vty, "%% Peer-group AS %d. Cannot configure remote-as for
member%s", as, VTY_NEWLINE);
+ vty_out (vty, "%% Peer-group AS %u. Cannot configure remote-as for
member%s", as, VTY_NEWLINE);
return CMD_WARNING;
case BGP_ERR_PEER_GROUP_PEER_TYPE_DIFFERENT:
- vty_out (vty, "%% The AS# can not be changed from %d to %s, peer-group
members must be all internal or all external%s", as, as_str, VTY_NEWLINE);
+ vty_out (vty, "%% The AS# can not be changed from %u to %s, peer-group
members must be all internal or all external%s", as, as_str, VTY_NEWLINE);
return CMD_WARNING;
}
return bgp_vty_return (vty, ret);
@@ -1601,7 +1601,7 @@ DEFUN (neighbor_set_peer_group,

if (ret == BGP_ERR_PEER_GROUP_PEER_TYPE_DIFFERENT)
{
- vty_out (vty, "%% Peer with AS %d cannot be in this peer-group, members
must be all internal or all external%s", as, VTY_NEWLINE);
+ vty_out (vty, "%% Peer with AS %u cannot be in this peer-group, members
must be all internal or all external%s", as, VTY_NEWLINE);
return CMD_WARNING;
}

@@ -6669,7 +6669,7 @@ bgp_show_summary (struct vty *vty, struc

/* Usage summary and header */
vty_out (vty,
- "BGP router identifier %s, local AS number %d%s",
+ "BGP router identifier %s, local AS number %u%s",
inet_ntoa (bgp->router_id), bgp->as, VTY_NEWLINE);

ents = bgp_table_count (bgp->rib[afi][safi]);
@@ -6716,7 +6716,7 @@ bgp_show_summary (struct vty *vty, struc

vty_out (vty, "4 ");

- vty_out (vty, "%5d %7d %7d %8d %4d %4lu ",
+ vty_out (vty, "%5u %7d %7d %8d %4d %4lu ",
peer->as,
peer->open_in + peer->update_in + peer->keepalive_in
+ peer->notify_in + peer->refresh_in + peer->dynamic_cap_in,
@@ -7226,8 +7226,8 @@ bgp_show_peer (struct vty *vty, struct p

/* Configured IP address. */
vty_out (vty, "BGP neighbor is %s, ", p->host);
- vty_out (vty, "remote AS %d, ", p->as);
- vty_out (vty, "local AS %d%s, ",
+ vty_out (vty, "remote AS %u, ", p->as);
+ vty_out (vty, "local AS %u%s, ",
p->change_local_as ? p->change_local_as : p->local_as,
CHECK_FLAG (p->flags, PEER_FLAG_LOCAL_AS_NO_PREPEND) ?
" no-prepend" : "");
@@ -8009,7 +8009,7 @@ bgp_show_rsclient_summary (struct vty *v
"Route Server's BGP router identifier %s%s",
inet_ntoa (bgp->router_id), VTY_NEWLINE);
vty_out (vty,
- "Route Server's local AS number %d%s", bgp->as,
+ "Route Server's local AS number %u%s", bgp->as,
VTY_NEWLINE);

vty_out (vty, "%s", VTY_NEWLINE);

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages