diff options
| author | Samanvitha B Bhargav <bsamanvitha@vmware.com> | 2023-08-01 23:10:35 -0700 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2023-08-02 17:49:01 +0000 |
| commit | 638b05594ac9552251869710b6631c0c643c81be (patch) | |
| tree | 841002948ebf9649a6a9edde58af2357bca85b65 | |
| parent | 7e2130bb03aa8d8675d865badd46cc33feeb19e2 (diff) | |
bgpd: Fix session reset issue caused by malformed core attributes
RCA:
On encountering any attribute error for core attributes in update message,
the error handling is set to 'treat as withdraw' and
further parsing of the remaining attributes is skipped.
But the stream pointer is not being correctly adjusted to
point to the next NLRI field skipping the rest of the attributes.
This leads to incorrect parsing of the NLRI field,
which causes BGP session to reset.
Fix:
The stream pointer offset is rightly adjusted to point to the NLRI field correctly
when the malformed attribute is encountered and remaining attribute parsing is skipped.
Signed-off-by: Samanvitha B Bhargav <bsamanvitha@vmware.com>
(cherry picked from commit 70ff940fd1cbf920958116c558150ca5d3200eb8)
| -rw-r--r-- | bgpd/bgp_attr.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index ec9f12d61a..3ecffb99d1 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -3570,6 +3570,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr, attr_args.total); if (ret == BGP_ATTR_PARSE_PROCEED) continue; + stream_forward_getp(BGP_INPUT(peer), endp - BGP_INPUT_PNT(peer)); goto done; } @@ -3674,6 +3675,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr, EC_BGP_ATTRIBUTE_PARSE_WITHDRAW, "%s: Attribute %s, parse error - treating as withdrawal", peer->host, lookup_msg(attr_str, type, NULL)); + stream_forward_getp(BGP_INPUT(peer), endp - BGP_INPUT_PNT(peer)); goto done; } |