aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYi Zhao <yi.zhao@windriver.com>2022-10-13 11:04:36 +0800
committerArmin Kuster <akuster808@gmail.com>2022-10-13 10:59:41 -0400
commit744a4b6eda88b9a9ca1cf0df6e18be384d9054e3 (patch)
treeab564d2861b4066e74aaf12b276f17399004f54c
parenta7b999dba0077c149dcb2b6b726f50a9cf6828fc (diff)
downloadmeta-openembedded-contrib-744a4b6eda88b9a9ca1cf0df6e18be384d9054e3.tar.gz
frr: Security fix CVE-2022-37032
CVE-2022-37032: An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-37032 Patch from: https://github.com/FRRouting/frr/commit/3c4821679f2362bcd38fcc7803f28a5210441ddb Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat
-rw-r--r--meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch42
-rw-r--r--meta-networking/recipes-protocols/frr/frr_8.2.2.bb1
2 files changed, 43 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch
new file mode 100644
index 0000000000..672bc9514a
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch
@@ -0,0 +1,42 @@
+From 3c4821679f2362bcd38fcc7803f28a5210441ddb Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Thu, 21 Jul 2022 08:11:58 -0400
+Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
+ expected
+
+Ensure that if the capability length specified is enough data.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+
+CVE: CVE-2022-37032
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/3c4821679f2362bcd38fcc7803f28a5210441ddb]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ bgpd/bgp_packet.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index 7c92a8d9e..bcd47e32d 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -2440,6 +2440,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
+ "%s CAPABILITY has action: %d, code: %u, length %u",
+ peer->host, action, hdr->code, hdr->length);
+
++ if (hdr->length < sizeof(struct capability_mp_data)) {
++ zlog_info(
++ "%s Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
++ peer->host, sizeof(struct capability_mp_data),
++ hdr->length);
++ return BGP_Stop;
++ }
++
+ /* Capability length check. */
+ if ((pnt + hdr->length + 3) > end) {
+ zlog_info("%s Capability length error", peer->host);
+--
+2.25.1
+
diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
index 62f548f84d..658731567d 100644
--- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
+++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \
file://CVE-2022-37035.patch \
+ file://CVE-2022-37032.patch \
file://frr.pam \
"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-19 13:18:17 +0000