summaryrefslogtreecommitdiff
path: root/REPORTING-BUGS
diff options
context:
space:
mode:
authorDenis Ovsienko <infrastation@yandex.ru>2011-09-26 13:18:51 +0400
committerDenis Ovsienko <infrastation@yandex.ru>2011-09-26 18:40:48 +0400
commit552563a1c443ec876edd92bf79f29ff3afe2c01e (patch)
treec0bf1cdbf045a493f1cbb4623e85724eeea4dc7f /REPORTING-BUGS
parent308687b7d73c5cacf927a3a33efbfaea627ccc09 (diff)
ospf6d: CVE-2011-3323 (fortify packet reception)
This vulnerability (CERT-FI #514840) was reported by CROSS project. ospf6d processes IPv6 prefix structures in incoming packets without verifying that the declared prefix length is valid. This leads to a crash caused by out of bounds memory access. * ospf6_abr.h: new macros for size/alignment validation * ospf6_asbr.h: idem * ospf6_intra.h: idem * ospf6_lsa.h: idem * ospf6_message.h: idem * ospf6_proto.h: idem * ospf6_message.c * ospf6_packet_minlen: helper array for ospf6_packet_examin() * ospf6_lsa_minlen: helper array for ospf6_lsa_examin() * ospf6_hello_recv(): do not call ospf6_header_examin(), let upper layer verify the input data * ospf6_dbdesc_recv(): idem * ospf6_lsreq_recv(): idem * ospf6_lsupdate_recv(): idem * ospf6_lsack_recv(): idem * ospf6_prefixes_examin(): new function, implements A.4.1 * ospf6_lsa_examin(): new function, implements A.4 * ospf6_lsaseq_examin(): new function, an interface to above * ospf6_packet_examin(): new function, implements A.3 * ospf6_rxpacket_examin(): new function, replaces ospf6_header_examin() * ospf6_header_examin(): sayonara * ospf6_receive(): perform passive interface check earliest possible, employ ospf6_rxpacket_examin()
Diffstat (limited to 'REPORTING-BUGS')
0 files changed, 0 insertions, 0 deletions