aboutsummaryrefslogtreecommitdiffstats
path: root/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch')
-rw-r--r--main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
new file mode 100644
index 0000000000..79ecaebfb3
--- /dev/null
+++ b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
@@ -0,0 +1,28 @@
+From fc6fefacad2a82f1d0470ba73015e117076b6116 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Sun, 19 Jul 2020 18:07:31 +0300
+Subject: [PATCH] nhrpd: change ipsec SA count to 32-bit
+
+Under certain misconfigurations, the SA count can be unusually high
+and wrap 8-bit counter. That leads to premature free, and crash.
+Make the count 32-bit to avoid crash in these rare conditions.
+---
+ nhrpd/nhrpd.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h
+index 9222ad4e..7c73717f 100644
+--- a/nhrpd/nhrpd.h
++++ b/nhrpd/nhrpd.h
+@@ -123,7 +123,7 @@ enum nhrp_notify_type {
+
+ struct nhrp_vc {
+ struct notifier_list notifier_list;
+- uint8_t ipsec;
++ uint32_t ipsec;
+ uint8_t updating;
+ uint8_t abort_migration;
+
+--
+2.27.0
+