diff options
author | CROSS <info@codenomicon.com> | 2011-09-26 13:17:21 +0400 |
---|---|---|
committer | Denis Ovsienko <infrastation@yandex.ru> | 2011-09-26 18:39:52 +0400 |
commit | af143a26ef96ba9be7b9c0b151b7605e1c2c74cd (patch) | |
tree | 52d988f2eb1ccaddec7a725ee30766593dfc1f6b | |
parent | a1afbc6e1d56b06409de5e8d7d984d565817fd96 (diff) |
ospfd: CVE-2011-3326 (uknown LSA type segfault)
This vulnerability (CERT-FI #514837) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.
Quagga ospfd does not seem to handle unknown LSA types in a Link State
Update message correctly. If LSA type is something else than one
supported
by Quagga, the default handling of unknown types leads to an error.
* ospf_flood.c
* ospf_flood(): check return value of ospf_lsa_install()
-rw-r--r-- | ospfd/ospf_flood.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ospfd/ospf_flood.c b/ospfd/ospf_flood.c index 41661da2..fc0bbf12 100644 --- a/ospfd/ospf_flood.c +++ b/ospfd/ospf_flood.c @@ -319,7 +319,8 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr, procedure cannot overwrite the newly installed LSA until MinLSArrival seconds have elapsed. */ - new = ospf_lsa_install (ospf, nbr->oi, new); + if (! (new = ospf_lsa_install (ospf, nbr->oi, new))) + return 0; /* unknown LSA type */ /* Acknowledge the receipt of the LSA by sending a Link State Acknowledgment packet back out the receiving interface. */ |