diff options
| author | Paul Jakma <paul.jakma@sun.com> | 2007-12-22 16:49:52 +0000 |
|---|---|---|
| committer | Paul Jakma <paul.jakma@sun.com> | 2007-12-22 16:49:52 +0000 |
| commit | 370b64a2ad38e43b4bed028960481bbf4192becd (patch) | |
| tree | ebecb7f934a7058d582e52b5c64a21eb676ec994 /tests | |
| parent | a7f93f3e060fdb2dc7bf5ff4ed4563d4b689bc6c (diff) | |
[bgpd] Fix number of DoS security issues, restricted to configured peers.
2007-12-22 Paul Jakma <paul.jakma@sun.com>
* Fix series of vulnerabilities reported by "Mu Security
Research Team", where bgpd can be made to crash by sending
malformed packets - requires that bgpd be configured with a
session to the peer.
* bgp_attr.c: (bgp_attr_as4_path) aspath_parse may fail, only
set the attribute flag indicating AS4_PATH if we actually managed
to parse one.
(bgp_attr_munge_as4_attrs) Assert was too general, it is possible
to receive AS4_AGGREGATOR before AGGREGATOR.
(bgp_attr_parse) Check that we have actually received the extra
byte of header for Extended-Length attributes.
* bgp_attr.h: Fix BGP_ATTR_MIN_LEN to account for the length byte.
* bgp_open.c: (cap_minsizes) Fix size of CAPABILITY_CODE_RESTART,
incorrect -2 left in place from a development version of as4-path
patch.
* bgp_packet.c: (bgp_route_refresh_receive) ORF length parameter
needs to be properly sanity checked.
* tests/bgp_capability_test.c: Test for empty capabilities.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/ChangeLog | 4 | ||||
| -rw-r--r-- | tests/bgp_capability_test.c | 30 |
2 files changed, 34 insertions, 0 deletions
diff --git a/tests/ChangeLog b/tests/ChangeLog index 94f58749..16412bde 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,7 @@ +2007-12-22 Paul Jakma <paul.jakma@sun.com> + + * bgp_capability_test.c: Test for empty capabilities. + 2007-09-27 Paul Jakma <paul.jakma@sun.com> * aspath_test.c: Test dupe-weeding from sets. diff --git a/tests/bgp_capability_test.c b/tests/bgp_capability_test.c index 6771b579..0dbf4fb9 100644 --- a/tests/bgp_capability_test.c +++ b/tests/bgp_capability_test.c @@ -362,6 +362,36 @@ static struct test_segment misc_segments[] = }, 15, SHOULD_ERR, }, + { "GR-empty", + "GR capability, but empty.", + { /* hdr */ 0x40, 0x0, + }, + 2, SHOULD_ERR, + }, + { "MP-empty", + "MP capability, but empty.", + { /* hdr */ 0x1, 0x0, + }, + 2, SHOULD_ERR, + }, + { "ORF-empty", + "ORF capability, but empty.", + { /* hdr */ 0x3, 0x0, + }, + 2, SHOULD_ERR, + }, + { "AS4-empty", + "AS4 capability, but empty.", + { /* hdr */ 0x41, 0x0, + }, + 2, SHOULD_ERR, + }, + { "dyn-empty", + "Dynamic capability, but empty.", + { /* hdr */ 0x42, 0x0, + }, + 2, SHOULD_PARSE, + }, { "dyn-old", "Dynamic capability (deprecated version)", { CAPABILITY_CODE_DYNAMIC, 0x0 }, |