quagga: fix CVE-2013-6051

Backport patch to fix CVE-2013-6051. Signed-off-by: Hu <yadi.hu@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
2026-05-19 00:36:44 +00:00 · 2014-04-21 14:24:50 +08:00 · 2014-04-21 14:24:50 +08:00 · 715893e5ff
commit 715893e5ff
parent a277f303df
2 changed files with 30 additions and 0 deletions
--- a/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
+++ b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
@ -0,0 +1,29 @@
+
+From 8794e8d229dc9fe29ea31424883433d4880ef408
+From: Paul Jakma <paul@quagga.net>
+Date: Mon, 13 Feb 2012 13:53:07 +0000
+Subject: bgpd: Fix regression in args consolidation, total should be inited from args
+
+bgpd: Fix regression in args consolidation, total should be inited from args
+
+* bgp_attr.c: (bgp_attr_unknown) total should be initialised from the args.
+
+Upstream-Status: Backport
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 65af824..839f64d 100644
+--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
+
+@@ -1646,7 +1646,7 @@
+ static bgp_attr_parse_ret_t
+ bgp_attr_unknown (struct bgp_attr_parser_args *args)
+ {
+-  bgp_size_t total;
+  bgp_size_t total = args->total;
+   struct transit *transit;
+   struct attr_extra *attre;
+   struct peer *const peer = args->peer; 
--- a/meta-networking/recipes-protocols/quagga/quagga.inc
+++ b/meta-networking/recipes-protocols/quagga/quagga.inc
@ -26,6 +26,7 @@ QUAGGASUBDIR = ""
 SRC_URI = "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz;name=quagga-${PV} \
           file://fix-for-lib-inpath.patch \
           file://quagga-0.99.17-libcap.patch \
+           file://quagga-fix-CVE-2013-6051.patch \
           file://Zebra-sync-zebra-routing-table-with-the-kernel-one.patch \
           file://quagga.init \
           file://quagga.default \