]> git.ipfire.org Git - thirdparty/bird.git/commit
projects / thirdparty / bird.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 02d082a) | patch
Fix several issues in Flowspec handling master oz-test
authorOndrej Zajicek <santiago@crfreenet.org>
Fri, 5 Jun 2026 13:48:46 +0000 (15:48 +0200)
committerOndrej Zajicek <santiago@crfreenet.org>
Fri, 5 Jun 2026 15:31:04 +0000 (17:31 +0200)
commit2f563413ebb17f6282f0f0bb91975e323e0fc451
tree6f4a6a1cfb990306a23f893de0392e16c8b32f32tree | snapshot
parent02d082a71257944a6038320b43b0f5d95af19548commit | diff
Fix several issues in Flowspec handling

The patch fixes several issues in Flowspec handling, namely:

 - Out-of-bounds read during flowspec validation
 - Rejection of NLRI for anomalies that MUST be ignored
 - Incorrect check of operand lengths
 - Broken label component construction
 - Broken formatting of IPv6 prefixes with specific offsets

The first issue was reported by multiple people in recent time.

The second issue found by Bronson Yen of Calif.io in collaboration
with Claude and Anthropic Research.
conf/flowspec.Y diff | blob | blame | history
doc/bird.sgml diff | blob | blame | history
lib/flowspec.c diff | blob | blame | history
lib/flowspec.h diff | blob | blame | history
lib/flowspec_test.c diff | blob | blame | history
proto/bgp/packets.c diff | blob | blame | history
Mirror of https://gitlab.labs.nic.cz/labs/bird.git