diff options
| author | Thomas Ries <tries@gmx.net> | 2011-10-27 17:43:38 +0400 |
|---|---|---|
| committer | Denis Ovsienko <infrastation@yandex.ru> | 2011-11-15 20:50:48 +0400 |
| commit | 4de148e5d6f6f7885b2c0952a236a3bc3ec36250 (patch) | |
| tree | 5360772467235934673f5b7e3c039424bcc61329 | |
| parent | 1758dbaa3b69bd6e95fb501c40f044f751557e76 (diff) | |
ospfd: improve fix to CVE-2011-3326 (BZ#586)
Make ospf_flood() propagate error returned by ospf_lsa_install() further
to properly discard the malformed LSA, not just prevent the immediate
crash.
| -rw-r--r-- | ospfd/ospf_flood.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ospfd/ospf_flood.c b/ospfd/ospf_flood.c index 004ed1a7..2ebae89a 100644 --- a/ospfd/ospf_flood.c +++ b/ospfd/ospf_flood.c @@ -320,7 +320,7 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr, MinLSArrival seconds have elapsed. */ if (! (new = ospf_lsa_install (ospf, nbr->oi, new))) - return 0; /* unknown LSA type */ + return -1; /* unknown LSA type or any other error condition */ /* Acknowledge the receipt of the LSA by sending a Link State Acknowledgment packet back out the receiving interface. */ |