Quagga Security Note 2018-1114
I have one question regarding the Quagga releases impacted by the BGP security issue listed in
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt


According to the commit comments at

http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=e69b535f92eafb599329bf725d9b4c6fd5d7fded

It is possible for bgpd to double-free an unknown attribute. This can happen
via bgp_update_receive receiving an UPDATE with an invalid unknown attribute.
bgp_update_receive then will call bgp_attr_unintern_sub and bgp_attr_flush,
and the latter may try to free an already freed unknown attr.

It appears that the double free was caused by the following calls:
bgp_update_receive
bgp_attr_unintern_sub
bgp_attr_flush

However, bgp_attr_flush () was added into bgp_update_receive () in releases after
0.99.24.1. So does that mean releases without bgp_attr_flush() have less chance to hit the problem?

thanks
- Heidi
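The call chain quoted above (unintern_sub followed by flush over the same attribute) is the general double-free pattern: two cleanup steps that both believe they own a sub-object. The block below is a constructed C model added here to illustrate that pattern and the usual defensive idiom; it is not Quagga's code, and the struct layout, the free counter and the `model_*` function names are assumptions made for this example.

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed model of a two-step teardown (not Quagga's code): an attribute
 * holds one unknown sub-attribute, and two cleanup routines may both run
 * over it. The free counter exists only so the outcome can be checked. */

static int free_count = 0;          /* number of times the sub-attribute was freed */

struct unknown_attr {
    unsigned char type;
    unsigned char *data;
};

struct attr {
    struct unknown_attr *unknown;    /* NULL once released */
};

static void unknown_attr_free(struct unknown_attr *u)
{
    free(u->data);
    free(u);
    free_count++;
}

/* Step 1 (stands in for bgp_attr_unintern_sub): release the sub-object.
 * Clearing the pointer after free() is what makes a later flush a no-op
 * instead of a second free() of the same block. Without the assignment to
 * NULL, step 2 below would free the block again. */
static void model_attr_unintern_sub(struct attr *a)
{
    if (a->unknown) {
        unknown_attr_free(a->unknown);
        a->unknown = NULL;
    }
}

/* Step 2 (stands in for bgp_attr_flush): release whatever is still owned.
 * The NULL check makes it safe whether or not step 1 already ran. */
static void model_attr_flush(struct attr *a)
{
    if (a->unknown) {
        unknown_attr_free(a->unknown);
        a->unknown = NULL;
    }
}

/* Simulate the error path for an UPDATE whose unknown attribute is rejected:
 * build one attribute, then run both cleanup steps in the order quoted from
 * the commit message. Returns how many times the sub-attribute was freed;
 * exactly 1 means the two steps did not double-free it. */
int model_reject_update(void)
{
    struct attr a;

    free_count = 0;
    a.unknown = malloc(sizeof *a.unknown);
    if (!a.unknown)
        return -1;
    a.unknown->type = 99;            /* constructed, unrecognised attribute code */
    a.unknown->data = malloc(4);     /* constructed attribute payload */
    if (!a.unknown->data) {
        free(a.unknown);
        return -1;
    }

    model_attr_unintern_sub(&a);     /* first release */
    model_attr_flush(&a);            /* second pass: must find nothing to free */
    return free_count;
}
```

The relevant property is that ownership is transferred out of the struct at the moment of the first free, so any later pass over the same struct sees nothing to release; a teardown that frees through a pointer it does not then clear is exactly the shape that becomes a double free when two such passes are stacked.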