Re: JunOS/FRR/Nokia et al BGP critical issue

[Nick Hilliard <nick () foobar org>]

Bjørn Mork wrote on 01/09/2023 10:52:
> But there's obviously not been enough thought applied to realize that
> optional transitive attributes must be considered evil by default. They
> can only be used after extremely careful parsing.
>
> This is the BGP version of
>
>   select * from mytable where field = $unvalidated_user_input;

it's not really. If the receiving BGP stack understands the attribute, 
then it should be parsed as default, i.e. carefully.  Unfortunately, 
junos slipped up on this and didn't validate the input correctly, which 
is a parsing bug. Param validation bugs happen. They shouldn't happen, 
but they do.

If an intermediate router doesn't understand a transitive attribute, it 
should be ignored, and life should move on.

The problems arise in two situations:

1. malformed attribute, i.e. this situation.
2. vendors squatting path attribute values which are then assigned for 
other purposes. This is a subset of #1, but is messy and difficult to 
rectify when it happens. Great for fuzzing, not so good for production 
networks.

Nick