aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2020-07-19 18:11:36 +0300
committerTimo Teräs <timo.teras@iki.fi>2020-07-19 18:19:38 +0300
commit40642c0136fecf1b37f08dc456c175c7a75ebe98 (patch)
tree1c6d0537ceed5a284c6d38e62a411bba5555b20a
parentc1d04a8e1324ac4b09c27efcd5f9be9c96fd9857 (diff)
downloadaports-40642c0136fecf1b37f08dc456c175c7a75ebe98.tar.gz
aports-40642c0136fecf1b37f08dc456c175c7a75ebe98.tar.bz2
aports-40642c0136fecf1b37f08dc456c175c7a75ebe98.tar.xz
main/quagga: cherry pick ipsec SA counter overflow fix
Hopefully fixes #11755
-rw-r--r--main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch28
-rw-r--r--main/quagga/APKBUILD4
2 files changed, 31 insertions, 1 deletions
diff --git a/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
new file mode 100644
index 0000000000..79ecaebfb3
--- /dev/null
+++ b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
@@ -0,0 +1,28 @@
+From fc6fefacad2a82f1d0470ba73015e117076b6116 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Sun, 19 Jul 2020 18:07:31 +0300
+Subject: [PATCH] nhrpd: change ipsec SA count to 32-bit
+
+Under certain misconfigurations, the SA count can be unusually high
+and wrap 8-bit counter. That leads to premature free, and crash.
+Make the count 32-bit to avoid crash in these rare conditions.
+---
+ nhrpd/nhrpd.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h
+index 9222ad4e..7c73717f 100644
+--- a/nhrpd/nhrpd.h
++++ b/nhrpd/nhrpd.h
+@@ -123,7 +123,7 @@ enum nhrp_notify_type {
+
+ struct nhrp_vc {
+ struct notifier_list notifier_list;
+- uint8_t ipsec;
++ uint32_t ipsec;
+ uint8_t updating;
+ uint8_t abort_migration;
+
+--
+2.27.0
+
diff --git a/main/quagga/APKBUILD b/main/quagga/APKBUILD
index 381b8fb307..c0cf8b84ee 100644
--- a/main/quagga/APKBUILD
+++ b/main/quagga/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=quagga
pkgver=1.2.4
-pkgrel=3
+pkgrel=4
pkgdesc="A free routing daemon replacing Zebra supporting RIP, OSPF, BGP and NHRP"
url="http://quagga.net/"
arch="all"
@@ -16,6 +16,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-dbg"
pkgusers="quagga"
pkggroups="quagga"
source="https://download.savannah.gnu.org/releases/quagga/quagga-$pkgver.tar.gz
+ 0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
1001-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch
dont-hook-core-signals.patch
@@ -67,6 +68,7 @@ package() {
install -o quagga -g quagga -d -m755 "$pkgdir"/etc/quagga
}
sha512sums="3e72440bcccfd3c1a449a62b7ff8623441256399a2bee0a39fa0a19694a5a78ac909c5c2128a24735bc034ea8b0811827293b480a2584a3a4c8ae36be9cf1fcd quagga-1.2.4.tar.gz
+264103030fa8d57e7e7bd8a271b258dd8bae86242e15431060e20827b62de46be6f59617c216161aa7bc141c9e18a5aecbdb342545288340024c40f46c717aa4 0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
dfa33341119fe51caa7bc33b44256f57361f2e3f8192862cca215b312ceb68e6a8c264dbf2a43d6244e6152bfad110cb0fdbefb065d95dd50389cf613d9720b3 1001-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch
5ef5c5e6d70d991b33b13a062e25b6fbde395dceee36aea29384b0640a48d2957ed5f50d416a1f2f770bf69bae2340133e35b1114be7e1fa722eb6d3d021f37a dont-hook-core-signals.patch
13b5b57e10df013bd2d931abc49bf76b8c4dee59dbceab22c9f151ccb988b2c5f7167f2909027d5e0f990b59da8de115667b02484aee9a67d347625700f6cacd bgpd.initd