bgpd: improve flowspec NLRI validation by mjstapp · Pull Request #20814 · FRRouting/frr

mjstapp · 2026-02-13T14:22:39Z

Validate flowspec NLRIs more carefully during parsing, especially offsets into the message buffer.

Validate flowspec NLRIs more carefully during parsing. Reported-by: Joshua Rogers <joshua@joshua.hu> Signed-off-by: Mark Stapp <mjs@cisco.com>

greptile-apps · 2026-02-13T14:24:56Z

Greptile Overview

Greptile Summary

Enhanced buffer validation in flowspec NLRI parsing functions to prevent out-of-bounds reads. Added three categories of checks:

Initial buffer size validation before do/while loops in bgp_flowspec_op_decode and bgp_flowspec_bitmask_decode
Offset boundary checks before dereferencing buffer contents within loops
Value size validation to ensure computed sizes don't exceed remaining buffer space

These changes address potential security vulnerabilities from malformed BGP flowspec messages.

Confidence Score: 4/5

Safe to merge - fixes security issues with minimal functional risk
Adds defensive boundary checks to prevent buffer overruns without changing parsing logic. All new checks properly set error codes and break/return appropriately. Minor deduction due to lack of test coverage visible in the PR.
No files require special attention - the changes are straightforward security improvements

Important Files Changed

Filename	Overview
bgpd/bgp_flowspec_util.c	Added buffer boundary checks in three parsing functions to prevent out-of-bounds reads when parsing flowspec NLRI data

_{Last reviewed commit: aa0a8cc}

mjstapp · 2026-02-13T15:00:10Z

@Mergifyio backport dev/10.6 stable/10.5 stable/10.4 stable/10.3 stable/10.2 stable/10.1 stable/10.0

mergify · 2026-02-13T15:00:45Z

backport dev/10.6 stable/10.5 stable/10.4 stable/10.3 stable/10.2 stable/10.1 stable/10.0

✅ Backports have been created

Details

#20825 bgpd: improve flowspec NLRI validation (backport #20814) has been created for branch dev/10.6
#20826 bgpd: improve flowspec NLRI validation (backport #20814) has been created for branch stable/10.5
#20827 bgpd: improve flowspec NLRI validation (backport #20814) has been created for branch stable/10.4
#20828 bgpd: improve flowspec NLRI validation (backport #20814) has been created for branch stable/10.3
#20829 bgpd: improve flowspec NLRI validation (backport #20814) has been created for branch stable/10.2
#20830 bgpd: improve flowspec NLRI validation (backport #20814) has been created for branch stable/10.1
#20831 bgpd: improve flowspec NLRI validation (backport #20814) has been created for branch stable/10.0

bgpd: improve flowspec NLRI validation (backport #20814)

bgpd: improve flowspec NLRI validation

aa0a8cc

Validate flowspec NLRIs more carefully during parsing. Reported-by: Joshua Rogers <joshua@joshua.hu> Signed-off-by: Mark Stapp <mjs@cisco.com>

mjstapp added this to the 10.6 milestone Feb 13, 2026

mjstapp added the bugfix label Feb 13, 2026

frrbot bot added the bgp label Feb 13, 2026

github-actions bot added master size/M labels Feb 13, 2026

github-actions bot added the backport label Feb 13, 2026

donaldsharp merged commit d481ea2 into FRRouting:master Feb 13, 2026
25 checks passed

donaldsharp added a commit that referenced this pull request Feb 13, 2026

Merge pull request #20825 from FRRouting/mergify/bp/dev/10.6/pr-20814

c261f32

bgpd: improve flowspec NLRI validation (backport #20814)

donaldsharp added a commit that referenced this pull request Feb 13, 2026

Merge pull request #20826 from FRRouting/mergify/bp/stable/10.5/pr-20814

6ebc6e2

bgpd: improve flowspec NLRI validation (backport #20814)

donaldsharp added a commit that referenced this pull request Feb 13, 2026

Merge pull request #20827 from FRRouting/mergify/bp/stable/10.4/pr-20814

bef959b

bgpd: improve flowspec NLRI validation (backport #20814)

donaldsharp added a commit that referenced this pull request Feb 13, 2026

Merge pull request #20828 from FRRouting/mergify/bp/stable/10.3/pr-20814

f40cb19

bgpd: improve flowspec NLRI validation (backport #20814)

donaldsharp added a commit that referenced this pull request Feb 13, 2026

Merge pull request #20830 from FRRouting/mergify/bp/stable/10.1/pr-20814

cb86a7c

bgpd: improve flowspec NLRI validation (backport #20814)

donaldsharp added a commit that referenced this pull request Feb 13, 2026

Merge pull request #20829 from FRRouting/mergify/bp/stable/10.2/pr-20814

69071e7

bgpd: improve flowspec NLRI validation (backport #20814)

donaldsharp added a commit that referenced this pull request Feb 13, 2026

Merge pull request #20831 from FRRouting/mergify/bp/stable/10.0/pr-20814

31da0bd

bgpd: improve flowspec NLRI validation (backport #20814)

mattiaswal mentioned this pull request Mar 18, 2026

Bump FRR to 10.5.3 kernelkit/infix#1451

Merged

17 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bgpd: improve flowspec NLRI validation#20814

bgpd: improve flowspec NLRI validation#20814
donaldsharp merged 1 commit intoFRRouting:masterfrom
mjstapp:fix_bgp_flowspec_parse

mjstapp commented Feb 13, 2026

Uh oh!

greptile-apps bot commented Feb 13, 2026

Uh oh!

mjstapp commented Feb 13, 2026

Uh oh!

mergify bot commented Feb 13, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

mjstapp commented Feb 13, 2026

Uh oh!

greptile-apps bot commented Feb 13, 2026

Greptile Overview

Greptile Summary

Confidence Score: 4/5

Important Files Changed

Uh oh!

mjstapp commented Feb 13, 2026

Uh oh!

mergify bot commented Feb 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Backports have been created

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

mergify bot commented Feb 13, 2026 •

edited

Loading