diff options
| author | Paul Jakma <paul.jakma@sun.com> | 2006-05-04 07:36:34 +0000 |
|---|---|---|
| committer | Paul Jakma <paul.jakma@sun.com> | 2006-05-04 07:36:34 +0000 |
| commit | 15a2b089ced3f1e956659e9ca88af45d1c48272c (patch) | |
| tree | 26ae18cd6cb7021307586a6ed16c3e058a92ebc3 /ripd/rip_interface.c | |
| parent | 9c27ef9b9c26db0af507869c2866c4a8463f4ae7 (diff) | |
[ripd] bugs #261, #262: Fix RIPv1 info-leak and unauthenticated route updates
2006-05-04 Paul Jakma <paul.jakma@sun.com>
* (general) Fixes for bugs #261 and 262. Thanks to
Konstantin V. Gavrilenko <kos@arhont.com> for the problem
reports, testing of a series of proposed patches and comment
on the proposed changes in behaviour.
* rip_interface.c: (ip_rip_authentication_mode_cmd) Parse all
of the command before making any changes to configured state.
* ripd.c: (rip_read) RIP version control should be absolute and
always apply, fixes bug #261 by allowing RIPv1 to be disabled.
Fix bug #262: If authentication is enabled, then
unauthenticated packets should not be accepted. We do however
make an exception for RIPv1 REQUEST packets, to which we will
reply as RIPv1 can now be disabled fully, to allow ripd to
still provide routing /information/ to simple devices.
Diffstat (limited to 'ripd/rip_interface.c')
| -rw-r--r-- | ripd/rip_interface.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/ripd/rip_interface.c b/ripd/rip_interface.c index 0bc5a311..a5b12db6 100644 --- a/ripd/rip_interface.c +++ b/ripd/rip_interface.c @@ -1558,6 +1558,7 @@ DEFUN (ip_rip_authentication_mode, { struct interface *ifp; struct rip_interface *ri; + int auth_type; ifp = (struct interface *)vty->index; ri = ifp->info; @@ -1569,9 +1570,9 @@ DEFUN (ip_rip_authentication_mode, } if (strncmp ("md5", argv[0], strlen (argv[0])) == 0) - ri->auth_type = RIP_AUTH_MD5; + auth_type = RIP_AUTH_MD5; else if (strncmp ("text", argv[0], strlen (argv[0])) == 0) - ri->auth_type = RIP_AUTH_SIMPLE_PASSWORD; + auth_type = RIP_AUTH_SIMPLE_PASSWORD; else { vty_out (vty, "mode should be md5 or text%s", VTY_NEWLINE); @@ -1579,13 +1580,16 @@ DEFUN (ip_rip_authentication_mode, } if (argc == 1) - return CMD_SUCCESS; + { + ri->auth_type = auth_type; + return CMD_SUCCESS; + } - if ( (argc == 2) && (ri->auth_type != RIP_AUTH_MD5) ) + if ( (argc == 2) && (auth_type != RIP_AUTH_MD5) ) { vty_out (vty, "auth length argument only valid for md5%s", VTY_NEWLINE); return CMD_WARNING; -} + } if (strncmp ("r", argv[1], 1) == 0) ri->md5_auth_len = RIP_AUTH_MD5_SIZE; @@ -1593,7 +1597,9 @@ DEFUN (ip_rip_authentication_mode, ri->md5_auth_len = RIP_AUTH_MD5_COMPAT_SIZE; else return CMD_WARNING; - + + ri->auth_type = auth_type; + return CMD_SUCCESS; } |