diff options
author | Paul Jakma <paul.jakma@sun.com> | 2007-09-07 14:24:55 +0000 |
---|---|---|
committer | Paul Jakma <paul.jakma@sun.com> | 2007-09-07 14:24:55 +0000 |
commit | b2ceea18074ab8cca894051a3fbc30c312e3acc6 (patch) | |
tree | 3dfc9d1572582ed26cedad37768be9a57a67f5a8 /bgpd/bgp_attr.c | |
parent | 882968e0a2fe65db5aff29149c87f6d292a1cd2d (diff) |
[bgpd] low-impact DoS: crash on malformed community with debug set
2007-09-07 Paul Jakma <paul.jakma@sun.com>
* (general) bgpd can be made crash by remote peers if debug
bgp updates is set, due to NULL pointer dereference.
Reported by "Mu Security Research Team",
<security@musecurity.com>.
* bgp_attr.c: (bgp_attr_community) If community length is 0,
don't set the community-present attribute bit, just return
early.
* bgp_debug.c: (community_str,community_com2str) Check com
pointer before dereferencing.
Diffstat (limited to 'bgpd/bgp_attr.c')
-rw-r--r-- | bgpd/bgp_attr.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index ee17b6d7..9d13ca6e 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -1007,7 +1007,10 @@ bgp_attr_community (struct peer *peer, bgp_size_t length, struct attr *attr, u_char flag) { if (length == 0) - attr->community = NULL; + { + attr->community = NULL; + return 0; + } else { attr->community = |