Merged
Conversation
…bility In peek_for_as4_capability the code is checking that the stream has at least 2 bytes to read ( the opt_type and the opt_length ). However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) is configured then FRR is reading 3 bytes. Which is not good since the packet could be badly formated. Ensure that FRR has the appropriate data length to read the data. Signed-off-by: Donald Sharp <[email protected]>
…arse In bgp_open_option_parse the code is checking that the stream has at least 2 bytes to read ( the opt_type and the opt_length). However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) is configured then FRR is reading 3 bytes. Which is not good since the packet could be badly formateed. Ensure that FRR has the appropriate data length to read the data. Signed-off-by: Donald Sharp <[email protected]>
ton31337
reviewed
Sep 30, 2022
Collaborator
Continuous Integration Result: FAILEDContinuous Integration Result: FAILEDTest incomplete. See below for issues. This is a comment from an automated CI system. Get source / Pull Request: SuccessfulBuilding Stage: SuccessfulBasic Tests: IncompleteTopotests Ubuntu 18.04 arm8 part 1: Incomplete(check logs for details)Successful on other platforms/tests
|
Member
Author
|
ci:rerun some sort of ci system failure? |
Collaborator
Continuous Integration Result: FAILEDContinuous Integration Result: FAILEDSee below for issues. This is a comment from an automated CI system. Get source / Pull Request: SuccessfulBuilding Stage: FailedRedhat 8 amd64 build: Failed (click for details)Redhat 8 amd64 build: No useful log foundSuccessful on other platforms/tests
|
Contributor
|
ci:rerun RedHat CDN certificate foo. |
Collaborator
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-7665/ This is a comment from an automated CI system. |
Member
Author
|
@Mergifyio backport stable/8.2 |
Member
Author
|
@Mergifyio backport stable/8.3 |
Member
Author
|
@Mergifyio backport stable/8.4 |
✅ Backports have been createdDetails
|
This was referenced Oct 7, 2022
✅ Backports have been createdDetails
|
❌ No backport have been createdDetails
|
Member
|
@Mergifyio backport stable/8.4 |
✅ Backports have been createdDetails
|
DavidZagury
added a commit
to DavidZagury/sonic-buildimage
that referenced
this pull request
May 17, 2023
10 tasks
DavidZagury
added a commit
to DavidZagury/sonic-buildimage
that referenced
this pull request
May 17, 2023
10 tasks
qiluo-msft
pushed a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Jun 5, 2023
…VE-2022-40302 (#15262) Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs found in FRR 8.2 #### How I did it Take commit from the FRR repo and created a patch from them
qiluo-msft
pushed a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Jun 19, 2023
…22-40318… (#15263) … CVE-2022-40302 Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs GHSA-x7mf-v6gh-vm4g GHSA-9rqq-99cf-35g5 GHSA-j7hm-p94x-q9pw ##### Work item tracking - Microsoft ADO **(number only)**: 23268946 #### How I did it Added patches from the FRR fix PRs
yxieca
pushed a commit
to yxieca/sonic-buildimage
that referenced
this pull request
Jun 19, 2023
…22-40318… (sonic-net#15263) … CVE-2022-40302 Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs GHSA-x7mf-v6gh-vm4g GHSA-9rqq-99cf-35g5 GHSA-j7hm-p94x-q9pw ##### Work item tracking - Microsoft ADO **(number only)**: 23268946 #### How I did it Added patches from the FRR fix PRs
11 tasks
yxieca
added a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Jun 20, 2023
…22-40318… (#15263) (#15537) … CVE-2022-40302 Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs GHSA-x7mf-v6gh-vm4g GHSA-9rqq-99cf-35g5 GHSA-j7hm-p94x-q9pw ##### Work item tracking - Microsoft ADO **(number only)**: 23268946 #### How I did it Added patches from the FRR fix PRs Co-authored-by: DavidZagury <[email protected]>
sonic-otn
pushed a commit
to sonic-otn/sonic-buildimage
that referenced
this pull request
Sep 20, 2023
…VE-2022-40302 (sonic-net#15262) Add patches from PRs FRRouting/frr#12043 FRRouting/frr#12247 #### Why I did it To fix CVEs found in FRR 8.2 #### How I did it Take commit from the FRR repo and created a patch from them
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix some possible read beyond end of stream. See individual commits. Making this 2 commits because they are separate functions which effectively do the same thing.