author | Paul Jakma <paul.jakma@sun.com> | 2007-09-07 16:24:55 +0200 |
---|---|---|
committer | Paul Jakma <paul.jakma@sun.com> | 2007-09-07 16:24:55 +0200 |
commit | b2ceea18074ab8cca894051a3fbc30c312e3acc6 (patch) | |
tree | 3dfc9d1572582ed26cedad37768be9a57a67f5a8 /bgpd/bgp_community.c | |
parent | + fixed bug #400: adjusted rtread_sysctl.c:route_read() (diff) | |
[bgpd] low-impact DoS: crash on malformed community with debug set
2007-09-07 Paul Jakma <paul.jakma@sun.com>
* (general) bgpd can be made to crash by remote peers if debug
bgp updates is set, due to NULL pointer dereference.
Reported by "Mu Security Research Team",
<security@musecurity.com>.
* bgp_attr.c: (bgp_attr_community) If community length is 0,
don't set the community-present attribute bit, just return
early.
* bgp_debug.c: (community_str,community_com2str) Check com
pointer before dereferencing.
Diffstat (limited to 'bgpd/bgp_community.c')
-rw-r--r-- | bgpd/bgp_community.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/bgpd/bgp_community.c b/bgpd/bgp_community.c index 07b8cf81f..d5e9821be 100644 --- a/bgpd/bgp_community.c +++ b/bgpd/bgp_community.c @@ -206,6 +206,9 @@ community_com2str (struct community *com) u_int16_t as; u_int16_t val; + if (!com) + return NULL; + /* When communities attribute is empty. */ if (com->size == 0) { @@ -377,6 +380,9 @@ community_dup (struct community *com) char * community_str (struct community *com) { + if (!com) + return NULL; + if (! com->str) com->str = community_com2str (com); return com->str; |
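Review bot: In the first hunk (community_com2str), the added `if (!com) return NULL;` makes NULL a possible return value, and nothing in the hunk documents that for callers. The existing comment and branch directly below treat the empty attribute (`com->size == 0`) as its own case, so a reader can easily assume the function always yields a string. Suggest a one-line comment above the new check stating that a NULL community yields NULL, and a pass over the callers that feed the result to a `%s` format or a string function, since the changelog names debug output as the path that crashed.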
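Review bot: In the second hunk (community_str), the new guard returns NULL, so the NULL is handed to the caller instead of being dereferenced at `com->str`; callers that log the result still need to handle a NULL string, and that contract should be stated in a comment on the function. Two smaller points: the added `if (!com)` does not match the spacing of the existing `if (! com->str)` two lines below, and the changelog entry lists community_str and community_com2str under bgp_debug.c while the diff header shows them in bgpd/bgp_community.c, so the file name in the entry should be corrected.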