| From e61593f2ded104c4c7f01eb93e2b404e93e0c560 Mon Sep 17 00:00:00 2001 |
| From: harryreps <harryreps@gmail.com> |
| Date: Fri, 3 Mar 2023 23:17:14 +0000 |
| Subject: [PATCH] babeld: fix #11808 to avoid infinite loops |
| |
| Replacing continue in loops to goto done so that index of packet buffer |
| increases. |
| |
| Signed-off-by: harryreps <harryreps@gmail.com> |
| |
| CVE: CVE-2023-3748 |
| |
| Upstream-Status: Backport |
| [https://github.com/FRRouting/frr/commit/ae1e0e1fed77716bc06f181ad68c4433fb5523d0] |
| |
| Signed-off-by: Yi Zhao <yi.zhao@windriver.com> |
| --- |
| babeld/message.c | 6 +++--- |
| 1 file changed, 3 insertions(+), 3 deletions(-) |
| |
| diff --git a/babeld/message.c b/babeld/message.c |
| index 7d45d91bf..2bf233796 100644 |
| --- a/babeld/message.c |
| +++ b/babeld/message.c |
| @@ -439,7 +439,7 @@ parse_packet(const unsigned char *from, struct interface *ifp, |
| debugf(BABEL_DEBUG_COMMON, |
| "Received Hello from %s on %s that does not have all 0's in the unused section of flags, ignoring", |
| format_address(from), ifp->name); |
| - continue; |
| + goto done; |
| } |
| |
| /* |
| @@ -451,7 +451,7 @@ parse_packet(const unsigned char *from, struct interface *ifp, |
| debugf(BABEL_DEBUG_COMMON, |
| "Received Unicast Hello from %s on %s that FRR is not prepared to understand yet", |
| format_address(from), ifp->name); |
| - continue; |
| + goto done; |
| } |
| |
| DO_NTOHS(seqno, message + 4); |
| @@ -469,7 +469,7 @@ parse_packet(const unsigned char *from, struct interface *ifp, |
| debugf(BABEL_DEBUG_COMMON, |
| "Received hello from %s on %s should be ignored as that this version of FRR does not know how to properly handle interval == 0", |
| format_address(from), ifp->name); |
| - continue; |
| + goto done; |
| } |
| |
| changed = update_neighbour(neigh, seqno, interval); |
| -- |
| 2.25.1 |
| |