This version of FRR contains these fixes since the last release:
1. Improved Packaging for Debian related builds.
2. Fix for an invalid AS-PATH length in BGP.
3. Fix for mishandling of BGP attributes in an error situation.
(Re-Release of 2.0.1 which missed some version number and changelog updates)
Signed-off-by: Martin Winter <email address hidden>
55bc81d... by Quentin Young <email address hidden>
bgpd: fix mishandled attribute length
A crafted BGP UPDATE with a malformed path attribute length field causes
bgpd to dump up to 65535 bytes of application memory and send it as the
data field in a BGP NOTIFY message, which is truncated to 4075 bytes
after accounting for protocol headers. After reading a malformed length
field, a NOTIFY is generated that is supposed to contain the problematic
data, but the malformed length field is inadvertently used to compute
how much data we send.
CVE-2017-15865
Signed-off-by: Quentin Young <email address hidden>
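The length handling described in the commit above, as an added C example that is not FRR's code and not part of the original commit: it contrasts trusting the declared path attribute length with clamping the NOTIFY data to the bytes actually received and to the 4075-byte limit the commit mentions. The function names and sample bytes are constructed for illustration; the attribute header layout follows RFC 4271.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_FLAG_EXTLEN 0x10 /* RFC 4271: two-byte length field follows */
#define NOTIFY_DATA_MAX  4075 /* 4096 max message - 19 header - 2 code/subcode */

/* Bytes the attribute claims to occupy: header plus declared value length.
 * Only the header bytes are read. Returns 0 if the header is truncated. */
static size_t attr_claimed_len(const uint8_t *p, size_t remain)
{
    if (remain < 3)
        return 0;
    if (p[0] & ATTR_FLAG_EXTLEN) {
        if (remain < 4)
            return 0;
        return 4 + (((size_t)p[2] << 8) | p[3]);
    }
    return 3 + (size_t)p[2];
}

/* Pattern the commit describes: the declared length decides how much is sent. */
size_t notify_len_unchecked(const uint8_t *p, size_t remain)
{
    return attr_claimed_len(p, remain);
}

/* Hardened: never echo more than was received or than a NOTIFY can carry. */
size_t notify_len_clamped(const uint8_t *p, size_t remain)
{
    size_t n = attr_claimed_len(p, remain);
    if (n > remain)
        n = remain;
    if (n > NOTIFY_DATA_MAX)
        n = NOTIFY_DATA_MAX;
    return n;
}

/* Constructed samples: AS_PATH declaring 65535 bytes with 4 present; valid ORIGIN. */
static const uint8_t sample_bad[] = {0x50, 0x02, 0xff, 0xff, 0x02, 0x01, 0xfd, 0xe8};
static const uint8_t sample_ok[] = {0x40, 0x01, 0x01, 0x00};

int main(void)
{
    printf("unchecked=%zu clamped=%zu\n",
           notify_len_unchecked(sample_bad, sizeof sample_bad),
           notify_len_clamped(sample_bad, sizeof sample_bad));
    printf("valid attr clamped=%zu\n", notify_len_clamped(sample_ok, sizeof sample_ok));
    return 0;
}
```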
redhat: Always reference main frr start/stop script in /usr/lib/frr
* Fixes issue where daemon default config tried to use /etc/init.d/frr script which doesn't exist on systemd systems
Signed-off-by: Martin Winter <email address hidden>
4acd566... by Andreas Jaggi <email address hidden>
bgpd: Fix AS_PATH size calculation for long paths
If you have an AS_PATH with more entries than
what can be written into a single AS_SEGMENT_MAX
it needs to be broken up. The code that noticed
that the AS_PATH needs to be broken up was not
correctly calculating the size of the resulting
message. This patch addresses this issue.
This patch was built from an email that Andreas
sent to the dev alias for FRRouting.
Fixes: #1114
Signed-off-by: Andreas Jaggi <email address hidden>
Signed-off-by: Donald Sharp <email address hidden>