lib/attrs.h · v3.1.3 · labs / BIRD Internet Routing Daemon

Sep 02, 2025

Nest: Function aspa_check() should return ASPA_INVALID for paths containing AS_SET · 518b2fdf

Evann DREUMONT authored Sep 02, 2025

The aspa_check() uses as_path_getlen() to estimate the size of a buffer,
which does not work for AS_SET segments, because as_path_getlen() returns
length 1 for them regardless of their length. This may cause buffer
overflow and crash.

As AS_SET segments are not valid for ASPA verification, we can just
handle them explicitly. See https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-verification#section-6



Co-Authored-By: Alarig <alarig@swordarmor.fr>

Minor changes by committer.

518b2fdf

Nest: Function aspa_check() should return ASPA_INVALID for paths containing AS_SET

Evann DREUMONT authored Sep 02, 2025

The aspa_check() uses as_path_getlen() to estimate the size of a buffer,
which does not work for AS_SET segments, because as_path_getlen() returns
length 1 for them regardless of their length. This may cause buffer
overflow and crash.

As AS_SET segments are not valid for ASPA verification, we can just
handle them explicitly. See https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-verification#section-6



Co-Authored-By: Alarig <alarig@swordarmor.fr>

Minor changes by committer.

Admin message