summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ripd/ChangeLog6
-rw-r--r--ripd/ripd.c16
2 files changed, 19 insertions, 3 deletions
diff --git a/ripd/ChangeLog b/ripd/ChangeLog
index 932c6245..2b65db30 100644
--- a/ripd/ChangeLog
+++ b/ripd/ChangeLog
@@ -1,3 +1,9 @@
+2004-06-04 JJ Ludman <jacques.ludman@sun.com>
+
+ * ripd.c: Interoperability fix. Correct value for MD5 auth length
+ is 16. Accept packets with this set to >= 16, and set to 16
+ ourselves.
+
2004-05-31 Sowmini Varadhan <sowmini.varadhan@sun.com>
* ripd.c: Fixup compile warnings
diff --git a/ripd/ripd.c b/ripd/ripd.c
index 05fdeb97..7567ba2c 100644
--- a/ripd/ripd.c
+++ b/ripd/ripd.c
@@ -854,8 +854,17 @@ rip_auth_md5 (struct rip_packet *packet, struct sockaddr_in *from,
if (ri->auth_type != RIP_AUTH_MD5 || ntohs (md5->type) != RIP_AUTH_MD5)
return 0;
- if (md5->auth_len != RIP_HEADER_SIZE + RIP_AUTH_MD5_SIZE)
+/*
+ * If the authentication length is less than 16, then it must be wrong for
+ * any interpretation of rfc2082.
+ */
+ if (md5->auth_len < RIP_AUTH_MD5_SIZE)
+ {
+ if (IS_RIP_DEBUG_EVENT)
+ zlog_info ("RIPv2 MD5 authentication, authentication length field too \
+ short");
return 0;
+ }
if (ri->key_chain)
{
@@ -888,7 +897,8 @@ rip_auth_md5 (struct rip_packet *packet, struct sockaddr_in *from,
strncpy ((char *)md5data->digest, auth_str, RIP_AUTH_MD5_SIZE);
md5_init_ctx (&ctx);
- md5_process_bytes (packet, packet_len + md5->auth_len, &ctx);
+ md5_process_bytes (packet, packet_len + RIP_HEADER_SIZE + RIP_AUTH_MD5_SIZE, \
+ &ctx);
md5_finish_ctx (&ctx, digest);
if (memcmp (pdigest, digest, RIP_AUTH_MD5_SIZE) == 0)
@@ -972,7 +982,7 @@ rip_auth_md5_set (struct stream *s, struct interface *ifp)
/* Auth Data Len. Set 16 for MD5 authentication
data. */
- stream_putc (s, RIP_AUTH_MD5_SIZE + RIP_HEADER_SIZE);
+ stream_putc (s, RIP_AUTH_MD5_SIZE);
/* Sequence Number (non-decreasing). */
/* RFC2080: The value used in the sequence number is