git.ipfire.org Git - thirdparty/bird.git/commit
Nest: Function aspa_check() should return ASPA_INVALID for paths containing AS_SET
author Evann DREUMONT <53308142+LeGmask@users.noreply.github.com>
Tue, 2 Sep 2025 14:23:34 +0000 (16:23 +0200)
committer Maria Matejka <mq@ucw.cz>
Wed, 3 Sep 2025 13:57:56 +0000 (15:57 +0200)
commit 518b2fdfdfcb9db97559ee771865e74580b9105f
tree c3738d12f14c13b1002140d8d6dc2e93593653eb
parent 6a02d7995706c7774425582a6fc0ce74bf682568
Nest: Function aspa_check() should return ASPA_INVALID for paths containing AS_SET

The aspa_check() uses as_path_getlen() to estimate the size of a buffer,
which does not work for AS_SET segments, because as_path_getlen() returns
length 1 for them regardless of their length. This may cause buffer
overflow and crash.

As AS_SET segments are not valid for ASPA verification, we can just
handle them explicitly. See https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-verification#section-6

Co-Authored-By: Alarig <alarig@swordarmor.fr>
Minor changes by committer.
lib/a-path.c
lib/attrs.h
nest/rt-table.c
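
The sizing mismatch described in the commit message, as an added C example that is not BIRD's code: a hop count that treats an AS_SET as 1 is smaller than the number of ASNs stored, so a copy routine has to reject AS_SET and bound every write. It assumes the 4-byte-ASN AS_PATH layout (type, count, ASNs); the function names, result codes and sample bytes are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { SEG_AS_SET = 1, SEG_AS_SEQUENCE = 2 };  /* AS_PATH segment types */
enum { PATH_HAS_SET = -1, PATH_BAD = -2 };     /* hypothetical: set found / malformed or no room */

/* Constructed sample: AS_SEQUENCE {65001, 65002}, then AS_SET {65010, 65011, 65012} */
const uint8_t sample[] = {
  2, 2,  0, 0, 0xFD, 0xE9,  0, 0, 0xFD, 0xEA,
  1, 3,  0, 0, 0xFD, 0xF2,  0, 0, 0xFD, 0xF3,  0, 0, 0xFD, 0xF4,
};

/* Count hops the way route selection does (an AS_SET counts as 1), or, with
 * count_members set, count every ASN that is actually stored in the path. */
int path_count(const uint8_t *p, size_t n, int count_members)
{
  int total = 0;
  for (size_t i = 0; n - i >= 2 && (n - i - 2) / 4 >= p[i + 1]; i += 2 + 4u * p[i + 1])
    total += (p[i] == SEG_AS_SET && !count_members) ? 1 : p[i + 1];
  return total;
}

/* Copy the path into out[] for an ASPA-style check. An AS_SET is rejected
 * before anything is copied from it, and each segment is checked against cap,
 * so an undersized estimate yields an error instead of an overflow. */
int flatten_for_aspa(const uint8_t *p, size_t n, uint32_t *out, size_t cap)
{
  size_t used = 0;
  for (size_t i = 0; i < n; ) {
    if (n - i < 2) return PATH_BAD;
    uint8_t type = p[i], cnt = p[i + 1];
    i += 2;
    if (type == SEG_AS_SET) return PATH_HAS_SET;
    if (type != SEG_AS_SEQUENCE || (n - i) / 4 < cnt || cap - used < cnt)
      return PATH_BAD;
    for (uint8_t k = 0; k < cnt; k++, i += 4)
      out[used++] = (uint32_t)p[i] << 24 | (uint32_t)p[i + 1] << 16 |
                    (uint32_t)p[i + 2] << 8 | p[i + 3];
  }
  return (int)used;
}

int main(void)
{
  uint32_t buf[3];  /* sized from the selection length of the sample */
  printf("selection=%d stored=%d flatten=%d\n", path_count(sample, sizeof sample, 0),
         path_count(sample, sizeof sample, 1), flatten_for_aspa(sample, sizeof sample, buf, 3));
  return 0;
}
```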