[oe-commits] Kai Kang : quagga: fix CVE-2013-6051

git at git.openembedded.org git at git.openembedded.org
Fri Apr 25 01:21:22 UTC 2014 

Module: meta-openembedded.git
Branch: master
Commit: 715893e5ffcce8d32f096c93dd36f345e52c17a7
URL:    http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=715893e5ffcce8d32f096c93dd36f345e52c17a7

Author: Kai Kang <kai.kang at windriver.com>
Date:   Mon Apr 21 14:24:50 2014 +0800

quagga: fix CVE-2013-6051

Backport patch to fix CVE-2013-6051.

Signed-off-by: Hu <yadi.hu at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Joe MacDonald <joe at deserted.net>

---

 .../quagga/files/quagga-fix-CVE-2013-6051.patch    | 29 ++++++++++++++++++++++
 .../recipes-protocols/quagga/quagga.inc            |  1 +
 2 files changed, 30 insertions(+)

diff --git a/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
new file mode 100644
index 0000000..fde9e0c
--- /dev/null
+++ b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
@@ -0,0 +1,29 @@
+
+From 8794e8d229dc9fe29ea31424883433d4880ef408
+From: Paul Jakma <paul at quagga.net>
+Date: Mon, 13 Feb 2012 13:53:07 +0000
+Subject: bgpd: Fix regression in args consolidation, total should be inited from args
+
+bgpd: Fix regression in args consolidation, total should be inited from args
+
+* bgp_attr.c: (bgp_attr_unknown) total should be initialised from the args.
+
+Upstream-Status: Backport
+
+Signed-off-by: Kai Kang <kai.kang at windriver.com>
+---
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 65af824..839f64d 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+
+@@ -1646,7 +1646,7 @@
+ static bgp_attr_parse_ret_t
+ bgp_attr_unknown (struct bgp_attr_parser_args *args)
+ {
+-  bgp_size_t total;
++  bgp_size_t total = args->total;
+   struct transit *transit;
+   struct attr_extra *attre;
+   struct peer *const peer = args->peer; 
diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc
index f043725..60baab8 100644
--- a/meta-networking/recipes-protocols/quagga/quagga.inc
+++ b/meta-networking/recipes-protocols/quagga/quagga.inc
@@ -26,6 +26,7 @@ QUAGGASUBDIR = ""
 SRC_URI = "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz;name=quagga-${PV} \
            file://fix-for-lib-inpath.patch \
            file://quagga-0.99.17-libcap.patch \
+           file://quagga-fix-CVE-2013-6051.patch \
            file://Zebra-sync-zebra-routing-table-with-the-kernel-one.patch \
            file://quagga.init \
            file://quagga.default \

More information about the Openembedded-commits mailing list