1 files changed, 34 insertions, 0 deletions

diff --git a/debian/patches/CVE-2024-27913.patch b/debian/patches/CVE-2024-27913.patch
new file mode 100644
index 0000000..0db69fd
--- /dev/null
+++ b/debian/patches/CVE-2024-27913.patch
@@ -0,0 +1,34 @@
+commit aae54e20498974cb026bd0e2649ca3e753090492
+Author: Olivier Dugeon <olivier.dugeon@orange.com>
+Date:   Mon Feb 26 10:40:34 2024 +0100
+
+    ospfd: Solved crash in OSPF TE parsing
+    
+    Iggy Frankovic discovered an ospfd crash when perfomring fuzzing of OSPF LSA
+    packets. The crash occurs in ospf_te_parse_te() function when attemping to
+    create corresponding egde from TE Link parameters. If there is no local
+    address, an edge is created but without any attributes. During parsing, the
+    function try to access to this attribute fields which has not been created
+    causing an ospfd crash.
+    
+    The patch simply check if the te parser has found a valid local address. If not
+    found, we stop the parser which avoid the crash.
+    
+    Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
+    (cherry picked from commit a73e66d07329d721f26f3f336f7735de420b0183)
+
+diff --git a/ospfd/ospf_te.c b/ospfd/ospf_te.c
+index d203b5ef4..1a01bf77b 100644
+--- a/ospfd/ospf_te.c
++++ b/ospfd/ospf_te.c
+@@ -2245,6 +2245,10 @@ static int ospf_te_parse_te(struct ls_ted *ted, struct ospf_lsa *lsa)
+ 	}
+ 
+ 	/* Get corresponding Edge from Link State Data Base */
++	if (IPV4_NET0(attr.standard.local.s_addr) && !attr.standard.local_id) {
++		ote_debug("  |- Found no TE Link local address/ID. Abort!");
++		return -1;
++	}
+ 	edge = get_edge(ted, attr.adv, attr.standard.local);
+ 	old = edge->attributes;
+