From 23dad9a777eb2beb54e06f5f95320d5c89801baf Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 10 Sep 2023 18:46:06 +0200
Subject: Revert "frr: T5557: use treat-as-withdraw for tunnel encapsulation
 attribute CVE-2023-38802"

This reverts commit 13a5fa10d8c8632d08cf48a445c7d5925d3d42c4.

Patch merged upstream
---
 ...eat-as-withdraw-for-tunnel-encapsulation-.patch | 134 ---------------------
 1 file changed, 134 deletions(-)
 delete mode 100644 packages/frr/patches/0004-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch

diff --git a/packages/frr/patches/0004-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch b/packages/frr/patches/0004-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch
deleted file mode 100644
index a6d824c4..00000000
--- a/packages/frr/patches/0004-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From a3337f1bd534d1d2b47b149a14418c5d93d341e3 Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Thu, 13 Jul 2023 22:32:03 +0300
-Subject: [PATCH] bgpd: Use treat-as-withdraw for tunnel encapsulation
- attribute
-
-Before this path we used session reset method, which is discouraged by rfc7606.
-
-Handle this as rfc requires.
-
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-Signed-off-by: Christian Breunig <christian@breunig.cc>
-
-(cherry picked from commit bcb6b58d9530173df41d3a3cbc4c600ee0b4b186)
----
- bgpd/bgp_attr.c | 61 ++++++++++++++++++++-----------------------------
- 1 file changed, 25 insertions(+), 36 deletions(-)
-
-diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index f5e54267d..4bc28fe23 100644
---- a/bgpd/bgp_attr.c
-+++ b/bgpd/bgp_attr.c
-@@ -1225,6 +1225,7 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode,
- 	case BGP_ATTR_LARGE_COMMUNITIES:
- 	case BGP_ATTR_ORIGINATOR_ID:
- 	case BGP_ATTR_CLUSTER_LIST:
-+	case BGP_ATTR_ENCAP:
- 		return BGP_ATTR_PARSE_WITHDRAW;
- 	case BGP_ATTR_MP_REACH_NLRI:
- 	case BGP_ATTR_MP_UNREACH_NLRI:
-@@ -2320,26 +2321,21 @@ bgp_attr_ipv6_ext_communities(struct bgp_attr_parser_args *args)
- }
- 
- /* Parse Tunnel Encap attribute in an UPDATE */
--static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
--			  bgp_size_t length, /* IN: attr's length field */
--			  struct attr *attr, /* IN: caller already allocated */
--			  uint8_t flag,      /* IN: attr's flags field */
--			  uint8_t *startp)
-+static int bgp_attr_encap(struct bgp_attr_parser_args *args)
- {
--	bgp_size_t total;
- 	uint16_t tunneltype = 0;
--
--	total = length + (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3);
-+	struct peer *const peer = args->peer;
-+	struct attr *const attr = args->attr;
-+	bgp_size_t length = args->length;
-+	uint8_t type = args->type;
-+	uint8_t flag = args->flags;
- 
- 	if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS)
- 	    || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) {
--		zlog_info(
--			"Tunnel Encap attribute flag isn't optional and transitive %d",
--			flag);
--		bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
--					  BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
--					  startp, total);
--		return -1;
-+		zlog_err("Tunnel Encap attribute flag isn't optional and transitive %d",
-+			 flag);
-+		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
-+					  args->total);
- 	}
- 
- 	if (BGP_ATTR_ENCAP == type) {
-@@ -2347,12 +2343,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
- 		uint16_t tlv_length;
- 
- 		if (length < 4) {
--			zlog_info(
-+			zlog_err(
- 				"Tunnel Encap attribute not long enough to contain outer T,L");
--			bgp_notify_send_with_data(
--				peer, BGP_NOTIFY_UPDATE_ERR,
--				BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
--			return -1;
-+			return bgp_attr_malformed(args,
-+						  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
-+						  args->total);
- 		}
- 		tunneltype = stream_getw(BGP_INPUT(peer));
- 		tlv_length = stream_getw(BGP_INPUT(peer));
-@@ -2382,13 +2377,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
- 		}
- 
- 		if (sublength > length) {
--			zlog_info(
--				"Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
--				sublength, length);
--			bgp_notify_send_with_data(
--				peer, BGP_NOTIFY_UPDATE_ERR,
--				BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
--			return -1;
-+			zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
-+				 sublength, length);
-+			return bgp_attr_malformed(args,
-+						  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
-+						  args->total);
- 		}
- 
- 		/* alloc and copy sub-tlv */
-@@ -2434,13 +2427,10 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
- 
- 	if (length) {
- 		/* spurious leftover data */
--		zlog_info(
--			"Tunnel Encap attribute length is bad: %d leftover octets",
--			length);
--		bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
--					  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
--					  startp, total);
--		return -1;
-+		zlog_err("Tunnel Encap attribute length is bad: %d leftover octets",
-+			 length);
-+		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
-+					  args->total);
- 	}
- 
- 	return 0;
-@@ -3128,8 +3118,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
- 		case BGP_ATTR_VNC:
- #endif
- 		case BGP_ATTR_ENCAP:
--			ret = bgp_attr_encap(type, peer, length, attr, flag,
--					     startp);
-+			ret = bgp_attr_encap(&attr_args);
- 			break;
- 		case BGP_ATTR_PREFIX_SID:
- 			ret = bgp_attr_prefix_sid(&attr_args);
--- 
-2.39.2
-
-- 
cgit v1.2.3