)]}' { "commit": "5861739f8c38bc36ea9955e5cb2be2bf2f482d70", "tree": "9675845a0b3be97362f3426430c6c2e499e8525c", "parents": [ "50e7a3885da44f8f6c5c639e111109deb055cdf3" ], "author": { "name": "Paul Jakma", "email": "paul@quagga.net", "time": "Mon Jan 09 20:59:26 2012 +0000" }, "committer": { "name": "Paul Jakma", "email": "paul@quagga.net", "time": "Sun Mar 04 23:55:02 2012 +0000" }, "message": "bgpd: Open option parse errors don\u0027t NOTIFY, resulting in abort \u0026 DoS\n\n* bgp_packet.c: (bgp_open_receive) Errors from bgp_open_option_parse are\n detected, and the code will stop processing the OPEN and return. However\n it does so without calling bgp_notify_send to send a NOTIFY - which means\n the peer FSM doesn\u0027t get stopped, and bgp_read will be called again later.\n Because it returns, it doesn\u0027t go through the code near the end of the\n function that removes the current message from the peer input streaam.\n Thus the next call to bgp_read will try to parse a half-parsed stream as\n if it were a new BGP message, leading to an assert later in the code when\n it tries to read stuff that isn\u0027t there. Add the required call to\n bgp_notify_send before returning.\n* bgp_open.c: (bgp_capability_as4) Be a bit stricter, check the length field\n corresponds to the only value it can be, which is the amount we\u0027re going to\n read off the stream. And make sure the capability flag gets set, so\n callers can know this capability was read, regardless.\n (peek_for_as4_capability) Let bgp_capability_as4 do the length check.\n", "tree_diff": [ { "type": "modify", "old_id": "82deb3d05af027491ee10df7fde1ac6123af3370", "old_mode": 33188, "old_path": "bgpd/bgp_open.c", "new_id": "b5b50bb5fa39ea1812476088736ddef6638e7b94", "new_mode": 33188, "new_path": "bgpd/bgp_open.c" }, { "type": "modify", "old_id": "f5a74d1b7778bd0874246a13e91671dbaf24fba4", "old_mode": 33188, "old_path": "bgpd/bgp_packet.c", "new_id": "5d8087a8e520ad78f1cc9de0e51148124c21b2f1", "new_mode": 33188, "new_path": "bgpd/bgp_packet.c" } ] }