Commit 57d76c9
committed
Upgrade FRR to 10.5.4
Summary of Changes:
bfdd:
- cap IPv6 echo reflection to declared length
- account for FP offset in echo length checks
- fix recv errno filter logic in a few places
- tighten SBFD reflector packet sanity checks
- gate IPv6 echo reflection on known sessions
- tighten auth header parsing skeleton
- validate control packet length before session lookup
bgpd:
- Fix memleak when configuring rd
- Validate if NHC BGPID TLV value is non-zero
- Avoid having a dangling pointer after we free NHC attribute
- Check if BGPID NHC TLV exists when IPv6 next-hop is link-local
- Do not allocate NHC TLV with an extra trailer
- migrate timers during peer_xfer_conn to fix stale route cleanup
- honor 'no activate' for dynamic neighbors in peer-group
- Return immediately when dynamic capability action is not valid
- Validate BGP role capability when handling it dynamically
- fix neighbor IP comparison for IPv6 memcmp return values
- Don't mark nexthop as changed if a set next-hop unchanged is applied
- Return BGP_PEER_INTERNAL when first peer's as type is set to auto
- Update peer sort cache when remote-as auto is used and AS number changed
- Check dynamic capability action before validating ENHE capability
- Do not allocate stream if route-refresh capability is not received
- Move rpki strict check to bgp_accept()
- Fix memory leak for nhc attribute if ipv6 is link-local address
- Fix compilation for Debian 11 when printing uint64 values
- Return zero labels if no BOS found and it's not a withdraw label
- Fix signed overflow in hexstr2num()
- Check the length also when parsing ENCAP attr sub-TLVs
- Validate prefixlen before subtracting when parsing labeled unicast NLRI
- Reset the stream to attr_start + attribute_len when WITHDRAWN
- Revalidate locally originated routes against RPKI changes
- Check if prefixlen is not 0 when parsing flowspec stuff
- Prevent len_string going negative when trying to display flowspec entries
- fix import vrf on non existing vrf
- fix no vrf import command
- Free hostname for FQDN capability if the parsing goes wrong
- Validate MP_REACH_NLRI attribute against incorrect next-hop
- Fix dynamic FQDN capability handling
- Check if the remaining length for subtracting TLV length is enough
- Fix the end pointer boundaries for dynamic graceful restart capability
- Add missing returns when parsing enhanced route-refresh
- Return original as-path when reconciling AS versus AS4
- Do not process route-refresh for AFI/SAFI if it's not negotiated
- Check if we are not overusing error_data buffer when unknown cap received
- fix NHT for explicit link-local BGP peers
- improve packet parsing for EVPN and ENCAP/VNC
- Prevent heap use-after-free for tunnel encapsulation attribute
- Return 0 if AS4 capability is malformed
- close dynamic peer socket in ttl error path
- fix logic handling EVPN_FLAG_DEFAULT_GW
- avoid early return in MPLSVPN NLRI processing
- remove unneeded asserts in packet reads
eigrpd:
- fix byte order in Hello TLV decode functions
- Handling for malformed update packets
- enforce minimum TLV length in Hello handler
- reject invalid prefix mask len
- skip unknown and ignored TLVs
- Improve packet validation
isisd:
- Reject SRv6 Locator TLV with Loc-Size of zero
- consume leftover bytes after FAD sub-sub-TLV loop
- use correct min size values for srv6 subtlvs
- improve validation of flex-algo decoder
- Fix missing neighbor address Sub-TLVs after link-params change
- add unit test for remove_excess_adjs() memory leak fix
- fix memory leak in remove_excess_adjs()
- fix edge condition in max_lsp_count computation
ldpd:
- improve tlv validation in several places
lib:
- Report IPv6 MTU and not IPv4 for if_update_state_mtu6
- disable warning in zlog.c to match master
nhrpd:
- stop debugging auth credentials
- fix byte-order when comparing error code in shortcut path
- guard against zbuf_pulln NULL on truncated packets
- require auth for all received packet types
- harden debug packet parsing against malformed input
- validate AFI index in extension replies
ospf6d:
- move log call out of priv block
- remove asserts in packet-handling paths
- fix issues in ospf6 auth trailer code
ospfd:
- add LSA validation in the apiserver path
- add validation in several places before accessing
pceplib:
- validate during of_list TLV decoding
pimd:
- fix NOCACHE MFC resync detection log, add vrf name too
- use upstream-owned pim pointer in register and upstream timers
- use upstream-owned pim pointer in MSDP update paths
- avoid JP build deref through channel OIL
- guard RP RPF-failure mroute delete on detached OIL
- avoid null deref in upstream delete debug path
- guard channel OIL detach against stale pointers
- fix crash due to double free
- Ensure igmp message is of proper size
- Reject pim packets with a malformed header length
- Fix out of bounds read in AutoRP code
- igmpv3 never checks packet length and trusts the num-sources field
- Do not allow a register-stop message if not received from the RP
- Prevent received msg length from being larger than buffer
- Remove unnecessary asserts
- When receiving a register stop ensure we have enough data to read
- Ensure a register packet has enough space to read S,G data
- Ensure that header has space on packet
ripngd:
- fix data handling in several places
tests:
- Check if route-map with set nexthop unchanged does not prevent outgoing
- Check if mixed peer-group remote-as types can be used with auto
- Verify neighbor addr Sub-TLVs after link-params reset
- Expect return code being 0, not -1 when AS4 is empty or ASN is 0
vrrpd:
- replace some asserts
- only support ethernet in GARP code
- limit advertised timers to 12-bits
Signed-off-by: Mattias Walström <lazzer@gmail.com>1 parent 081491a commit 57d76c9
4 files changed
Lines changed: 6 additions & 6 deletions
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
2 | 2 | | |
3 | 3 | | |
4 | 4 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
2 | 2 | | |
3 | 3 | | |
4 | 4 | | |
| |||
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
70 | | - | |
| 70 | + | |
71 | 71 | | |
72 | 72 | | |
73 | | - | |
| 73 | + | |
74 | 74 | | |
75 | 75 | | |
76 | 76 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
2 | 2 | | |
3 | 3 | | |
4 | 4 | | |
| |||
0 commit comments