From b2ceea18074ab8cca894051a3fbc30c312e3acc6 Mon Sep 17 00:00:00 2001 From: Paul Jakma Date: Fri, 7 Sep 2007 14:24:55 +0000 Subject: [bgpd] low-impact DoS: crash on malformed community with debug set 2007-09-07 Paul Jakma * (general) bgpd can be made crash by remote peers if debug bgp updates is set, due to NULL pointer dereference. Reported by "Mu Security Research Team", . * bgp_attr.c: (bgp_attr_community) If community length is 0, don't set the community-present attribute bit, just return early. * bgp_debug.c: (community_str,community_com2str) Check com pointer before dereferencing. --- bgpd/ChangeLog | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'bgpd/ChangeLog') diff --git a/bgpd/ChangeLog b/bgpd/ChangeLog index 1cf5515b..7542df78 100644 --- a/bgpd/ChangeLog +++ b/bgpd/ChangeLog @@ -1,3 +1,15 @@ +2007-09-07 Paul Jakma + + * (general) bgpd can be made crash by remote peers if debug + bgp updates is set, due to NULL pointer dereference. + Reported by "Mu Security Research Team", + . + * bgp_attr.c: (bgp_attr_community) If community length is 0, + don't set the community-present attribute bit, just return + early. + * bgp_debug.c: (community_str,community_com2str) Check com + pointer before dereferencing. + 2007-08-27 Paul Jakma * bgp_route.c: (bgp_announce_check) Fix bug #398, slight -- cgit v1.2.1
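Review bot: the (general) item of the new 2007-09-07 entry describes the crash only as a NULL pointer dereference when debug bgp updates is set, while the trigger (a community attribute of length 0) is mentioned only under the bgp_attr.c item; name the trigger in the (general) line so that someone reading the ChangeLog can tell which input is involved. The line after `Reported by "Mu Security Research Team",` holds only ".", so the reporter's reference appears to be missing and should be restored or the stray line dropped. This view is limited to bgpd/ChangeLog, so the early return in bgp_attr_community and the com pointer checks in community_str and community_com2str that the entry describes cannot be checked here. When reviewing those files, confirm that the early return leaves the community pointer and the community-present attribute bit consistent, and that the debug helpers return a safe value when com is NULL.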