summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-09-26ospfd: CVE-2011-3325 part 2 (OSPF pkt type segv)Denis Ovsienko
This vulnerability (CERT-FI #514838) was reported by CROSS project. The error is reproducible only when ospfd debugging is enabled: * debug ospf packet all * debug ospf zebra When incoming packet header type field is set to 0x0a, ospfd will crash. * ospf_packet.c * ospf_verify_header(): add type field check * ospf_read(): perform input checks early
2011-09-26ospfd: CVE-2011-3325 part 1 (OSPF header underrun)Denis Ovsienko
This vulnerability (CERT-FI #514838) was reported by CROSS project. When only 14 first bytes of a Hello packet is delivered, ospfd crashes. * ospf_packet.c * ospf_read(): add size check
2011-09-26ospfd: CVE-2011-3326 (uknown LSA type segfault)CROSS
This vulnerability (CERT-FI #514837) was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. Quagga ospfd does not seem to handle unknown LSA types in a Link State Update message correctly. If LSA type is something else than one supported by Quagga, the default handling of unknown types leads to an error. * ospf_flood.c * ospf_flood(): check return value of ospf_lsa_install()
2011-09-26bgpd: CVE-2011-3327 (ext. comm. buffer overflow)CROSS
This vulnerability (CERT-FI #513254) was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. The problem occurs when bgpd receives an UPDATE message containing 255 unknown AS_PATH attributes in Path Attribute Extended Communities. This causes a buffer overlow in bgpd. * bgp_ecommunity.c * ecommunity_ecom2str(): perform size check earlier
2011-09-25bgpd: improve NEXT_HOP attribute checks (BZ#680)Denis Ovsienko
* lib/prefix.h * IPV4_CLASS_DE(): new helper macro * bgp_attr.c * bgp_attr_nexthop(): add check for "partial" bit, refresh flag error reporting, explain meaning of RFC4271 section 6.3 and implement it
2011-09-25bgpd: don't be confused by "unspecific" subcode in the NOTIFY message.Dmitrij Tejblum
* bgp_debug.c (bgp_notify_open_msg, bgp_notify_update_msg, bgp_notify_cease_msg, bgp_notify_capability_msg): add messages for "unspecific" subcode.
2011-09-25lib: provide more information in case of failed LOOKUP.Dmitrij Tejblum
* log.[ch] * mes_lookup: add a parameter with the name of the message list, print the name in case of failure. * LOOKUP macro: pass the name of the message list.
2011-09-25bgpd: check ATOMIC_AGGREGATE attr flags (BZ#678)Denis Ovsienko
* bgp_attr.c * bgp_attr_atomic(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra argument
2011-09-25bgpd: check MULTI_EXIT_DISC attr flags (BZ#677)Denis Ovsienko
* bgp_attr.c * bgp_attr_med(): add checks for "optional", "transitive" and "partial" bits, log each error condition independently
2011-09-25bgpd: check LOCAL_PREF attribute flags (BZ#674)Denis Ovsienko
* bgp_attr.c * bgp_attr_local_pref(): accept extra argument, add checks for "optional" and "transitive" bits, log each error condition independently * bgp_attr_parse(): provide extra argument
2011-09-25configure: test for glibc backtrace even without glibc.Dmitrij Tejblum
Other platform may have compatible facilities.
2011-09-25ospfd: remove unused macroDenis Ovsienko
2011-09-25doc: fix typoRoman Hoog Antink
2011-09-25isisd: raise hello rate for DIS (BZ#539)Fritz Reichmann
* isis_pdu.c: Divide hello interval by three, depending if we are DIS or not.
2011-09-25isisd: fix crash on "no router isis" (BZ#536)Fritz Reichmann
The crash is due to threads accessing data that gets destroyed during the removal of the configuration. * isis_circuit.c: Destroy adjacencies to stop adjacency expiry thread. Stop PSNP threads. * isisd.c: Change state of circuit back to INIT and reassign the circuit structure to isis->init_circ_list rather than destroying the circuit data structure. Stop SPF threads. Stop LSP generation threads. * isisd.h: Add pointers to LSP threads into area structure in order to stop them in isisd.c * isis_lsp.c: Store pointer to LSP thread in area structure. * isis_pdu.c: Stop PDU generation for a circuit with a removed area. * isis_pfpacket.c: Stop processing received PDUs for a circuit with a removed area.
2011-09-25ospf6d: Fix memory allocation issues in SPFTom Goff
* ospf6_area.c: Call ospf6_spf_table_finish() before deleting the spf table. This ensures that the associated ospf6_vertex structures are also freed. * ospf6_spf.c: Only allocate a priority queue when a spf calculation is actually performed.
2011-09-25ospf6d: Extend the "[no] debug ospf6 route" vty commandsTom Goff
* ospf6_route.c ([no_]debug_ospf6_route) Include memory as a debug option. This allows ospf6 route memory debugging to be enabled or disabled interactively or from a config file.
2011-09-25isisd: include hash.h, not hash.cPeter Szilagyi
2011-09-25configure: dismiss libutil.hStephen Hemminger
Recent versions of libc on Linux (Debian Testing) create lots of compile warnings about direct usage of libutil.h
2011-09-25doc: add missing wordAlexandre Chappuis
* ospfd.texi: Adjust meaning of the rfc1583compatibility option in order to match the RFC specification and the actual source code.
2011-09-25ospf6d: add lost lines to area config blockJon Andersson
* ospf6_area.c * ospf6_area_config_write(): write filter-list, import-list and export-list lines
2011-09-25bgpd: fix parsing of graceful restart cap. (#663)Peter Pentchev
"While setting up a testbed, I ran across a little problem in the parsing of the "graceful restart" BGP capability that resulted in Quagga not actually activating it for the peer in question - when the peer sent a single AFI/SAFI block." * bgp_open.c * bgp_capability_restart(): actually process the last AFI/SAFI block
2011-09-25ospf6d: fix crash on filter-list handling (BZ#530)Christian Hammers
This essentially merges the fix available from Debian build of Quagga. * ospf6_area.c * area_filter_list(): use correct argv indices * no_area_filter_list(): idem
2011-09-25bgpd: add useful notification logs (BZ#616)heasley
* bgp_packet.c * bgp_notify_send_with_data(): add calls to zlog_info()
2011-09-25doc: BGP route-flap dampeningAlexandre Chappuis
2011-09-25zebra: fix loss of metric for Linux routesDmitry Popov
* rt_netlink.c * netlink_route_change(): fetch metric information like netlink_routing_table() does and pass it further
2011-09-10ospfd: spellingDenis Ovsienko
2011-09-10bgpd: spellingDenis Ovsienko
2011-09-10bgpd: spellingDenis Ovsienko
2011-09-10ospfd: use existing macro for consistencyDenis Ovsienko
2011-09-07version RE-0.99.17.3Denis Ovsienko
2011-09-07ospfd: revert recent PIE change to fix amd64 buildDenis Ovsienko
This reverts commit 68575f4babf4d6fc302c366898a1047f13629214.
2011-09-07version RE-0.99.17.2Denis Ovsienko
2011-09-05build: build ospfd as Position-Independed Executable (if appropriate)Dmitrij Tejblum
Since 46bc0e432e75, all the binaries are built as Position-Independed Executables (if available and enabled). ospfd was missed for some unknown reason.
2011-08-28ospfd: address more trivial compiler warningsDenis Ovsienko
* ospf_ase.c * ospf_ase_complete_direct_routes(): dismiss unused variable * ospf_ase_calculate_route(): put assignments into parentheses
2011-08-28zebra: add missing includesDenis Ovsienko
2011-08-27ospf6d: address more trivial compiler warningsDenis Ovsienko
* ospf6_main.c: include required headers * ospf6_asbr.h: idem * ospf6_spf.c * ospf6_spf_install(): remove unused variables
2011-08-23ospfd: sizing macros cleanupDenis Ovsienko
* ospf_spf.c * ROUTER_LSA_TOS_SIZE: prepend OSPF_ and move to ospf_lsa.h * ROUTER_LSA_MIN_SIZE: replace with existing OSPF_ROUTER_LSA_LINK_SIZE
2011-08-22lib: use "protocol-independed API" from RFC3678, if that is availableDmitrij Tejblum
(This commit is based on the patch from BZ#420, and should fix that bug.) * configure.ac: detect availability of that API * sockopt.c (setsockopt_ipv4_multicast): use it for join/leave IPv4 multicast groups
2011-08-22lib: futher simplification of setsockopt_ipv4_multicast()Dmitrij Tejblum
* sockopt.c (setsockopt_ipv4_multicast): check for wrong optname with assert(), rather than return an error.
2011-08-20ospf6d: add missing includeDenis Ovsienko
Two extern declarations in ospf6_abr.h are based on struct ospf6_route, which may not be available at the time ospf6_abr.h is included. This may lead to warnings after including ospf6_abr.h just for the structures defined in it.
2011-08-20ospf6d: ospf6_lsa_cmd_init() does not existDenis Ovsienko
2011-08-20ospf6d: move named constants to ospf6d.hDenis Ovsienko
2011-08-19lib: fix omission in the previous commit to lib/sockopt.cDmitrij Tejblum
* sockopt.c (setsockopt_ipv4_multicast_if): fix missed line in the previous commit.
2011-08-19ospf6d: justify some ABR debug codeDenis Ovsienko
* ospf6_abr.c * ospf6_abr_examin_summary(): only fill "buf" when it is used
2011-08-19lib: simplify interface of setsockopt_multicast_ipv4().Dmitrij Tejblum
* sockopt.[ch] (setsockopt_ipv4_multicast): ifindex is now mandatory (all non-ancient OSes can use it anyway), and if_addr parameter (the address of the interface) is now gone. (setsockopt_ipv4_multicast_if): IP_MULTICAST_IF processing moved to this new function * ospf_network.c (ospf_if_add_allspfrouters, ospf_if_drop_allspfrouters, ospf_if_add_alldrouters, ospf_if_drop_alldrouters, ospf_if_ipmulticast), rip_interface.c (ipv4_multicast_join, ipv4_multicast_leave, rip_interface_new): adapt to the new interface
2011-08-19ospf6d: spellingDenis Ovsienko
2011-08-09bgpd: improve "show ip bgp scan detail"Denis Ovsienko
* bgp_nexthop.c (show_ip_bgp_scan_tables): access proper structure field in AF_INET6 case, handle ifindex NH type properly
2011-08-08bgpd: dismiss some zlookup checksDenis Ovsienko
bgp_nexthop_onlink(): zlookup is not used here at all bgp_nexthop_lookup_ipv6(): rely on the detection performed by "query" function (this also changes the fallback value to 0), reorder if-block bgp_nexthop_lookup(): idem
2011-08-05bgpd: add "show ip bgp scan detail" commandDenis Ovsienko
* bgp_nexthop.c: (show_ip_bgp_scan) transform into show_ip_bgp_scan_tables(), which uses inet_ntop() and can dump nexthops on request; (show_ip_bgp_scan_detail_cmd) new function