summaryrefslogtreecommitdiff
path: root/ospfd
diff options
context:
space:
mode:
Diffstat (limited to 'ospfd')
-rw-r--r--ospfd/ospf_packet.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index 37223fbb..ab68bf0b 100644
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -1823,6 +1823,27 @@ ospf_ls_upd (struct ip *iph, struct ospf_header *ospfh,
DISCARD_LSA (lsa,2);
}
+ /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
+ if (lsa->data->type == OSPF_ROUTER_LSA)
+ if (!IPV4_ADDR_SAME(&lsa->data->id, &lsa->data->adv_router))
+ {
+ char buf1[INET_ADDRSTRLEN];
+ char buf2[INET_ADDRSTRLEN];
+ char buf3[INET_ADDRSTRLEN];
+
+ zlog_err("Incoming Router-LSA from %s with "
+ "Adv-ID[%s] != LS-ID[%s]",
+ inet_ntop (AF_INET, &ospfh->router_id,
+ buf1, INET_ADDRSTRLEN),
+ inet_ntop (AF_INET, &lsa->data->id,
+ buf2, INET_ADDRSTRLEN),
+ inet_ntop (AF_INET, &lsa->data->adv_router,
+ buf3, INET_ADDRSTRLEN));
+ zlog_err("OSPF domain compromised by attack or corruption. "
+ "Verify correct operation of -ALL- OSPF routers.");
+ DISCARD_LSA (lsa, 0);
+ }
+
/* Find the LSA in the current database. */
current = ospf_lsa_lookup_by_header (oi->area, lsa->data);
generated by cgit v1.2.1 (git 2.18.0) at 2024-11-08 16:55:46 +0000