Age | Commit message (Collapse) | Author |
|
This vulnerability (CERT-FI #513254) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.
The problem occurs when bgpd receives an UPDATE message containing
255 unknown AS_PATH attributes in Path Attribute Extended Communities.
This causes a buffer overlow in bgpd.
* bgp_ecommunity.c
* ecommunity_ecom2str(): perform size check earlier
|
|
* lib/prefix.h
* IPV4_CLASS_DE(): new helper macro
* bgp_attr.c
* bgp_attr_nexthop(): add check for "partial" bit, refresh flag error
reporting, explain meaning of RFC4271 section 6.3 and implement it
|
|
* bgp_debug.c (bgp_notify_open_msg, bgp_notify_update_msg,
bgp_notify_cease_msg, bgp_notify_capability_msg): add messages for
"unspecific" subcode.
|
|
* log.[ch]
* mes_lookup: add a parameter with the name of the message list, print
the name in case of failure.
* LOOKUP macro: pass the name of the message list.
|
|
* bgp_attr.c
* bgp_attr_atomic(): accept extra argument, add checks for
"optional", "transitive" and "partial" bits, log each error
condition independently
* bgp_attr_parse(): provide extra argument
|
|
* bgp_attr.c
* bgp_attr_med(): add checks for "optional", "transitive" and
"partial" bits, log each error condition independently
|
|
* bgp_attr.c
* bgp_attr_local_pref(): accept extra argument, add checks for
"optional" and "transitive" bits, log each error condition
independently
* bgp_attr_parse(): provide extra argument
|
|
Other platform may have compatible facilities.
|
|
|
|
|
|
* isis_pdu.c: Divide hello interval by three, depending if we are DIS or
not.
|
|
The crash is due to threads accessing data that gets destroyed
during the removal of the configuration.
* isis_circuit.c: Destroy adjacencies to stop adjacency expiry thread.
Stop PSNP threads.
* isisd.c: Change state of circuit back to INIT and reassign the
circuit structure to isis->init_circ_list rather than destroying
the circuit data structure. Stop SPF threads. Stop LSP generation
threads.
* isisd.h: Add pointers to LSP threads into area structure in order to
stop them in isisd.c
* isis_lsp.c: Store pointer to LSP thread in area structure.
* isis_pdu.c: Stop PDU generation for a circuit with a removed area.
* isis_pfpacket.c: Stop processing received PDUs for a circuit with a
removed area.
|
|
* ospf6_area.c: Call ospf6_spf_table_finish() before deleting the spf
table. This ensures that the associated ospf6_vertex structures
are also freed.
* ospf6_spf.c: Only allocate a priority queue when a spf calculation
is actually performed.
|
|
* ospf6_route.c ([no_]debug_ospf6_route) Include memory as a debug
option. This allows ospf6 route memory debugging to be enabled or
disabled interactively or from a config file.
|
|
|
|
Recent versions of libc on Linux (Debian Testing) create lots of
compile warnings about direct usage of libutil.h
|
|
* ospfd.texi: Adjust meaning of the rfc1583compatibility option in
order to match the RFC specification and the actual source code.
|
|
* ospf6_area.c
* ospf6_area_config_write(): write filter-list, import-list and
export-list lines
|
|
"While setting up a testbed, I ran across a little problem in the
parsing of the "graceful restart" BGP capability that resulted in
Quagga not actually activating it for the peer in question - when
the peer sent a single AFI/SAFI block."
* bgp_open.c
* bgp_capability_restart(): actually process the last AFI/SAFI block
|
|
This essentially merges the fix available from Debian build of Quagga.
* ospf6_area.c
* area_filter_list(): use correct argv indices
* no_area_filter_list(): idem
|
|
* bgp_packet.c
* bgp_notify_send_with_data(): add calls to zlog_info()
|
|
|
|
* rt_netlink.c
* netlink_route_change(): fetch metric information like
netlink_routing_table() does and pass it further
|
|
|
|
|
|
|
|
|
|
|
|
This reverts commit 68575f4babf4d6fc302c366898a1047f13629214.
|
|
|
|
Since 46bc0e432e75, all the binaries are built as Position-Independed
Executables (if available and enabled). ospfd was missed for some
unknown reason.
|
|
* ospf_ase.c
* ospf_ase_complete_direct_routes(): dismiss unused variable
* ospf_ase_calculate_route(): put assignments into parentheses
|
|
|
|
* ospf6_main.c: include required headers
* ospf6_asbr.h: idem
* ospf6_spf.c
* ospf6_spf_install(): remove unused variables
|
|
* ospf_spf.c
* ROUTER_LSA_TOS_SIZE: prepend OSPF_ and move to ospf_lsa.h
* ROUTER_LSA_MIN_SIZE: replace with existing OSPF_ROUTER_LSA_LINK_SIZE
|
|
(This commit is based on the patch from BZ#420, and should fix that bug.)
* configure.ac: detect availability of that API
* sockopt.c (setsockopt_ipv4_multicast): use it for join/leave IPv4
multicast groups
|
|
* sockopt.c (setsockopt_ipv4_multicast): check for wrong optname with
assert(), rather than return an error.
|
|
Two extern declarations in ospf6_abr.h are based on struct ospf6_route,
which may not be available at the time ospf6_abr.h is included. This may
lead to warnings after including ospf6_abr.h just for the structures
defined in it.
|
|
|
|
|
|
* sockopt.c (setsockopt_ipv4_multicast_if): fix missed line in
the previous commit.
|
|
* ospf6_abr.c
* ospf6_abr_examin_summary(): only fill "buf" when it is used
|
|
* sockopt.[ch] (setsockopt_ipv4_multicast): ifindex is now mandatory (all
non-ancient OSes can use it anyway), and if_addr parameter (the address
of the interface) is now gone. (setsockopt_ipv4_multicast_if):
IP_MULTICAST_IF processing moved to this new function
* ospf_network.c (ospf_if_add_allspfrouters, ospf_if_drop_allspfrouters,
ospf_if_add_alldrouters, ospf_if_drop_alldrouters, ospf_if_ipmulticast),
rip_interface.c (ipv4_multicast_join, ipv4_multicast_leave,
rip_interface_new): adapt to the new interface
|
|
|
|
* bgp_nexthop.c (show_ip_bgp_scan_tables): access proper structure field
in AF_INET6 case, handle ifindex NH type properly
|
|
bgp_nexthop_onlink(): zlookup is not used here at all
bgp_nexthop_lookup_ipv6(): rely on the detection performed by "query"
function (this also changes the fallback value to 0), reorder if-block
bgp_nexthop_lookup(): idem
|
|
* bgp_nexthop.c: (show_ip_bgp_scan) transform into
show_ip_bgp_scan_tables(), which uses inet_ntop() and can dump
nexthops on request; (show_ip_bgp_scan_detail_cmd) new function
|
|
bgp_nexthop_lookup_ipv6(): declare variables where they are actually
used, drop no-op initialization (the field is already 0)
bgp_nexthop_lookup(): ditto
bgp_nexthop_check_ebgp(): rename to bgp_nexthop_onlink()
bgp_nexthop_cache_changed(): rename to bgp_nexthop_cache_different()
|
|
* bgpd: (bgp_damp_parameter_set) The BGP reuse_index is not initialized
properly. This would cause sporadic crash when disabling dampening. Use
XCALLOC correctly and the right size array is initialized and no memset is
needed.
|
|
The following patch was also neccessary to compile.
* command.c: (config_logmsg_cmd) use "%s" format spec
* if.c: (connected_log) ditto
|