From e27ad00f56d69ad94fd1de7f1e90b56615665170 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Dec 16 2013 17:37:19 +0000
Subject: bgpd: fix crash when receiving bgp updates


Fix for CVE-2013-6051.

Resolves: #1043371

---

diff --git a/quagga-CVE-2013-6051.patch b/quagga-CVE-2013-6051.patch
new file mode 100644
index 0000000..6f4c915
--- /dev/null
+++ b/quagga-CVE-2013-6051.patch
@@ -0,0 +1,21 @@
+commit 8794e8d229dc9fe29ea31424883433d4880ef408
+Author: Paul Jakma <paul@quagga.net>
+Date:   Mon Feb 13 13:53:07 2012 +0000
+
+    bgpd: Fix regression in args consolidation, total should be inited from args
+    
+    * bgp_attr.c: (bgp_attr_unknown) total should be initialised from the args.
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 0d82aba..81802ce 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -1646,7 +1646,7 @@ bgp_attr_ext_communities (struct bgp_attr_parser_args *args)
+ static bgp_attr_parse_ret_t
+ bgp_attr_unknown (struct bgp_attr_parser_args *args)
+ {
+-  bgp_size_t total;
++  bgp_size_t total = args->total;
+   struct transit *transit;
+   struct attr_extra *attre;
+   struct peer *const peer = args->peer; 
diff --git a/quagga.spec b/quagga.spec
index 2d2d623..99b0a7a 100644
--- a/quagga.spec
+++ b/quagga.spec
@@ -32,7 +32,7 @@
 Summary:    Routing daemon
 Name:       quagga
 Version:    0.99.21
-Release:    5%{?dist}
+Release:    6%{?dist}
 License:    GPLv2+
 Group:      System Environment/Daemons
 Source0:    http://www.quagga.net/download/%{name}-%{version}.tar.xz
@@ -71,6 +71,7 @@ Provides:	routingdaemon = %{version}-%{release}
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Patch0: quagga-CVE-2012-1820.patch
+Patch1: quagga-CVE-2013-6051.patch
 
 %description
 Quagga is free software that operates TCP/IP-based routing protocols. It takes
@@ -116,6 +117,7 @@ developing OSPF-API and quagga applications.
 %setup  -q
 
 %patch0 -p1 -b .CVE-2012-1820
+%patch1 -p1 -b .CVE-2013-6051
 
 %build
 # FC5+ automatic -fstack-protector-all switch
@@ -436,6 +438,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Tue Dec 16 2013 Michal Sekletar <msekleta@redhat.com> - 0.99.21-6
+- fix bgp crash when receiving bgp updates (CVE-2013-6051)
+
 * Tue Jul 23 2013 Michal Sekletar <msekleta@redhat.com> - 0.99.21-5
 - disable ospfapi and ospfclient