summaryrefslogtreecommitdiff
path: root/ospfd/ospf_flood.c
diff options
context:
space:
mode:
authorCROSS <info@codenomicon.com>2011-09-26 13:17:21 +0400
committerDenis Ovsienko <infrastation@yandex.ru>2011-09-26 18:46:28 +0400
commit6b161fc12a15aba8824c84d1eb38e529aaf70769 (patch)
treeabd6c391a491495c70203420e5d91dbcdf282383 /ospfd/ospf_flood.c
parent94431dbc753171b48b5c6806af97fd690813b00a (diff)
ospfd: CVE-2011-3326 (uknown LSA type segfault)
This vulnerability (CERT-FI #514837) was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. Quagga ospfd does not seem to handle unknown LSA types in a Link State Update message correctly. If LSA type is something else than one supported by Quagga, the default handling of unknown types leads to an error. * ospf_flood.c * ospf_flood(): check return value of ospf_lsa_install()
Diffstat (limited to 'ospfd/ospf_flood.c')
-rw-r--r--ospfd/ospf_flood.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/ospfd/ospf_flood.c b/ospfd/ospf_flood.c
index 77f2e161..004ed1a7 100644
--- a/ospfd/ospf_flood.c
+++ b/ospfd/ospf_flood.c
@@ -319,7 +319,8 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr,
procedure cannot overwrite the newly installed LSA until
MinLSArrival seconds have elapsed. */
- new = ospf_lsa_install (ospf, nbr->oi, new);
+ if (! (new = ospf_lsa_install (ospf, nbr->oi, new)))
+ return 0; /* unknown LSA type */
/* Acknowledge the receipt of the LSA by sending a Link State
Acknowledgment packet back out the receiving interface. */