diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2020-07-19 18:11:36 +0300 |
|---|---|---|
| committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2021-02-06 15:33:50 +0000 |
| commit | eaa5f7f21073b1128ae9a47ea09147858221fb37 (patch) | |
| tree | 8eeb8d89e1efe93df857e98d1922aa1e4c2bbdc0 | |
| parent | 00a7e2b8c8e5f240c255e59d8e404ab8ee65a8be (diff) | |
main/quagga: cherry pick ipsec SA counter overflow fix
Hopefully fixes #11755
Cherry-picked from: 40642c0136fecf1b37f08dc456c175c7a75ebe98
| -rw-r--r-- | main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch | 28 | ||||
| -rw-r--r-- | main/quagga/APKBUILD | 4 |
2 files changed, 31 insertions, 1 deletions
diff --git a/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch new file mode 100644 index 00000000000..79ecaebfb3d --- /dev/null +++ b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch @@ -0,0 +1,28 @@ +From fc6fefacad2a82f1d0470ba73015e117076b6116 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Sun, 19 Jul 2020 18:07:31 +0300 +Subject: [PATCH] nhrpd: change ipsec SA count to 32-bit + +Under certain misconfigurations, the SA count can be unusually high +and wrap 8-bit counter. That leads to premature free, and crash. +Make the count 32-bit to avoid crash in these rare conditions. +--- + nhrpd/nhrpd.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h +index 9222ad4e..7c73717f 100644 +--- a/nhrpd/nhrpd.h ++++ b/nhrpd/nhrpd.h +@@ -123,7 +123,7 @@ enum nhrp_notify_type { + + struct nhrp_vc { + struct notifier_list notifier_list; +- uint8_t ipsec; ++ uint32_t ipsec; + uint8_t updating; + uint8_t abort_migration; + +-- +2.27.0 + diff --git a/main/quagga/APKBUILD b/main/quagga/APKBUILD index 25cd4f762e4..d00cbceba07 100644 --- a/main/quagga/APKBUILD +++ b/main/quagga/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=quagga pkgver=1.2.4 -pkgrel=2 +pkgrel=3 pkgdesc="A free routing daemon replacing Zebra supporting RIP, OSPF, BGP and NHRP" url="http://quagga.net/" arch="all" @@ -16,6 +16,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-dbg" pkgusers="quagga" pkggroups="quagga" source="https://download.savannah.gnu.org/releases/quagga/quagga-$pkgver.tar.gz + 0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch 1001-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch dont-hook-core-signals.patch @@ -71,6 +72,7 @@ package() { install -o quagga -g quagga -d -m755 "$pkgdir"/etc/quagga } sha512sums="3e72440bcccfd3c1a449a62b7ff8623441256399a2bee0a39fa0a19694a5a78ac909c5c2128a24735bc034ea8b0811827293b480a2584a3a4c8ae36be9cf1fcd quagga-1.2.4.tar.gz +264103030fa8d57e7e7bd8a271b258dd8bae86242e15431060e20827b62de46be6f59617c216161aa7bc141c9e18a5aecbdb342545288340024c40f46c717aa4 0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch dfa33341119fe51caa7bc33b44256f57361f2e3f8192862cca215b312ceb68e6a8c264dbf2a43d6244e6152bfad110cb0fdbefb065d95dd50389cf613d9720b3 1001-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch 5ef5c5e6d70d991b33b13a062e25b6fbde395dceee36aea29384b0640a48d2957ed5f50d416a1f2f770bf69bae2340133e35b1114be7e1fa722eb6d3d021f37a dont-hook-core-signals.patch 13b5b57e10df013bd2d931abc49bf76b8c4dee59dbceab22c9f151ccb988b2c5f7167f2909027d5e0f990b59da8de115667b02484aee9a67d347625700f6cacd bgpd.initd |