Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package frr for openSUSE:Factory checked in at 2023-09-15 22:05:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/frr (Old) and /work/SRC/openSUSE:Factory/.frr.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "frr" Fri Sep 15 22:05:48 2023 rev:26 rq:1111557 version:8.4 Changes: -------- --- /work/SRC/openSUSE:Factory/frr/frr.changes 2023-09-04 22:53:00.298543244 +0200 +++ /work/SRC/openSUSE:Factory/.frr.new.1766/frr.changes 2023-09-15 22:11:21.353751020 +0200 @@ -1,0 +2,8 @@ +Tue Sep 12 13:40:19 UTC 2023 - Marius Tomaschewski <m...@suse.com> + +- Apply upstream fix for NULL pointer dereference due to processing + of malformed requests with no attributes in bgp_nlri_parse_flowspec + (CVE-2023-41909,bsc#1215065,https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8). + [+ 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch] + +------------------------------------------------------------------- New: ---- 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ frr.spec ++++++ --- /var/tmp/diff_new_pack.CLtMQj/_old 2023-09-15 22:11:23.177816238 +0200 +++ /var/tmp/diff_new_pack.CLtMQj/_new 2023-09-15 22:11:23.177816238 +0200 @@ -50,6 +50,7 @@ Patch9: 0009-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch Patch10: 0010-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch Patch11: 0011-babeld-fix-11808-to-avoid-infinite-loops.patch +Patch12: 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bison >= 2.7 @@ -198,6 +199,7 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %build # GCC LTO objects must be "fat" to avoid assembly errors ++++++ 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch ++++++ >From 168204de6371f594c4f1ebac30ca3e181a851e39 Mon Sep 17 00:00:00 2001 From: Donald Sharp <sha...@nvidia.com> Date: Wed, 5 Apr 2023 14:57:05 -0400 Subject: [PATCH] bgpd: Limit flowspec to no attribute means a implicit withdrawal Upsteam: yes References: CVE-2023-41909,bsc#1215065,https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8 All other parsing functions done from bgp_nlri_parse() assume no attributes == an implicit withdrawal. Let's move bgp_nlri_parse_flowspec() into the same alignment. Reported-by: Matteo Memelli <mmeme...@amazon.it> Signed-off-by: Donald Sharp <sha...@nvidia.com> Signed-off-by: Marius Tomaschewski <m...@suse.com> diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c index 39c0cfe514..fe1f0d50f8 100644 --- a/bgpd/bgp_flowspec.c +++ b/bgpd/bgp_flowspec.c @@ -112,6 +112,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, afi = packet->afi; safi = packet->safi; + /* + * All other AFI/SAFI's treat no attribute as a implicit + * withdraw. Flowspec should as well. + */ + if (!attr) + withdraw = 1; + if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) { flog_err(EC_BGP_FLOWSPEC_PACKET, "BGP flowspec nlri length maximum reached (%u)", -- 2.35.3
