summaryrefslogtreecommitdiff
path: root/ospfd
diff options
context:
space:
mode:
authorDenis Ovsienko <infrastation@yandex.ru>2012-01-30 16:07:18 +0400
committerDavid Lamparter <equinox@diac24.net>2012-03-12 11:05:19 +0100
commite52591481ed64e4cf9f26a76ad682ed7e6b451e7 (patch)
tree738a2ba31eb42b6d5d61fd61bad772a73c5cd82e /ospfd
parent75c8eabbb5d3dc8aa21b61e8700ab939ce272f5c (diff)
ospfd: review ospf_check_auth()
1. The only purpose of "ibuf" argument was to get stream size, which was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized in ospf_new(). 2. Fix the packet size check condition, which was incorrect for very large packets, at least in theory.
Diffstat (limited to 'ospfd')
-rw-r--r--ospfd/ospf_packet.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index d52430a3..b18117b5 100644
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -2260,8 +2260,7 @@ ospf_check_network_mask (struct ospf_interface *oi, struct in_addr ip_src)
}
static int
-ospf_check_auth (struct ospf_interface *oi, struct stream *ibuf,
- struct ospf_header *ospfh)
+ospf_check_auth (struct ospf_interface *oi, struct ospf_header *ospfh)
{
int ret = 0;
struct crypt_key *ck;
@@ -2287,7 +2286,7 @@ ospf_check_auth (struct ospf_interface *oi, struct stream *ibuf,
/* This is very basic, the digest processing is elsewhere */
if (ospfh->u.crypt.auth_data_len == OSPF_AUTH_MD5_SIZE &&
ospfh->u.crypt.key_id == ck->key_id &&
- ntohs (ospfh->length) + OSPF_AUTH_SIMPLE_SIZE <= stream_get_size (ibuf))
+ ntohs (ospfh->length) + OSPF_AUTH_MD5_SIZE <= OSPF_MAX_PACKET_SIZE)
ret = 1;
else
ret = 0;
@@ -2411,7 +2410,7 @@ ospf_verify_header (struct stream *ibuf, struct ospf_interface *oi,
return -1;
}
- if (! ospf_check_auth (oi, ibuf, ospfh))
+ if (! ospf_check_auth (oi, ospfh))
{
zlog_warn ("interface %s: ospf_read authentication failed.",
IF_NAME (oi));