Age | Commit message | Author |
|
This vulnerability (CERT-FI #514839) was reported by the CROSS project.
When the Database Description LSA header list contains trailing zero octets,
ospf6d tries to process this data as an LSA header. This triggers an
assertion in the code and ospf6d shuts down.
* ospf6_lsa.c
* ospf6_lsa_is_changed(): handle header-only argument(s)
appropriately, do not treat LSA length underrun as a fatal error.
|
|
It seems that there is a bug in ospf6d in ospf6_lsa_compare(): If LSA A
has sequence number smaller than 0x80000000 and LSA B has sequence
number larger than 0x80000000, ospf6_lsa_compare() returns that B is
more recent than A, although the RFC says that sequence numbers should be
compared as signed numbers (0x8000001 smallest and 0x7FFFFFFF largest).
In ospfd, the function ospf_lsa_more_recent() has it right.
The problem appears when Quagga is used together with OSPFv3 in the
development version of the BIRD daemon ( http://bird.network.cz/ ),
which creates LSAs with the maximum sequence number (0x7FFFFFFF)
as a part of flushing/premature aging of an LSA from an OSPF area.
Because both daemons have a different idea of which LSA instance
is more recent, it would lead to an LSA storm.
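The disagreement described in the commit message above, shown as an added example that is not Quagga's or BIRD's code. The function names and the -1/0/1 return convention are assumptions for illustration; the sequence number bounds are those of RFC 2328.

```c
#include <arpa/inet.h> /* htonl, ntohl */
#include <stdint.h>
#include <stdio.h>

/* Sequence number bounds from RFC 2328, section 12.1.6. */
#define SEQ_INITIAL 0x80000001u /* oldest valid value */
#define SEQ_MAX     0x7fffffffu /* newest valid value */

/* Assumed convention for this example: -1 = a newer, 1 = b newer, 0 = same.
 * Flawed form: unsigned ordering makes 0x80000001 look newer than 0x7fffffff. */
int seq_compare_unsigned(uint32_t a_net, uint32_t b_net)
{
    uint32_t a = ntohl(a_net), b = ntohl(b_net);
    return (a > b) ? -1 : (a < b) ? 1 : 0;
}

/* Reinterpret 32 bits as two's complement without an implementation-defined cast. */
static int32_t seq_to_signed(uint32_t v)
{
    if (v <= (uint32_t)INT32_MAX)
        return (int32_t)v;
    return (int32_t)(v - 0x80000000u) + INT32_MIN;
}

/* Corrected form: convert to host order first, then compare as signed. */
int seq_compare_signed(uint32_t a_net, uint32_t b_net)
{
    int32_t a = seq_to_signed(ntohl(a_net));
    int32_t b = seq_to_signed(ntohl(b_net));
    return (a > b) ? -1 : (a < b) ? 1 : 0;
}

/* 1 when two routers using the different orderings would disagree on recency. */
int seq_orderings_disagree(uint32_t a_net, uint32_t b_net)
{
    return seq_compare_unsigned(a_net, b_net) != seq_compare_signed(a_net, b_net);
}

int main(void)
{
    /* Constructed sample pairs, in host order. */
    const uint32_t p[][2] = { { SEQ_MAX, SEQ_INITIAL }, { SEQ_INITIAL, 0x80000002u }, { 5u, 3u } };
    for (size_t i = 0; i < sizeof p / sizeof p[0]; i++) {
        uint32_t a = htonl(p[i][0]), b = htonl(p[i][1]);
        printf("a=0x%08x b=0x%08x unsigned=%d signed=%d\n", (unsigned)p[i][0],
               (unsigned)p[i][1], seq_compare_unsigned(a, b), seq_compare_signed(a, b));
    }
    return 0;
}
```

Only pairs that straddle the sign bit order differently, which is why the mismatch stays hidden until a peer originates an LSA at 0x7FFFFFFF.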
|
|
* ospf6_lsa.c: (ospf6_lsa_age_current) arithmetical compares make no sense
in non-host order..
|
|
* ospf6_lsa.c: (ospf6_lsa_premature_aging) set age to MAX_AGE - don't
rely on 0 magically meaning same.
(ospf6_lsa_age_current) handle MAXAGE.
|
|
Simple conversion of XMALLOC/memset to XCALLOC
|
|
2008-08-15 Paul Jakma <paul.jakma@sun.com>
* {ospf6d,ripngd}/*: Finish job of marking functions as static, or
exporting declarations for them, to quell warning noise with
Quagga's GCC default high-level of warning flags. Thus allowing
remaining, more useful warnings to be more easily seen.
|
|
2007-06-07 Pavol Rusnak <prusnak@suse.cz>
* ospf6_lsa.c: (no_debug_ospf6_lsa_hex_cmd) Fix bug: must use strcmp
to compare strings.
|
|
2007-02-27 Pavol Rusnak <prusnak@suse.cz>
* ospf6_lsa.c: (ospf6_lsa_handler_name) Fix bug: must use strcmp
to compare strings.
|
|
* (global) update all c files to match the lib/vector.h rename of
(struct vector).active to max, and vector_max macro to
vector_active.
* lib/vector.h: Rename to (struct vector).max to slightly less
confusing active, for the number of active slots, distinct from
allocated or active-and-not-empty. Rename vector_max to
vector_active for same reason.
|
|
* global: Replace strerror with safe_strerror. And vtysh/vtysh.c
needs to include "log.h" to pick up the declaration.
|
|
* ospf6_route.c: Add const qualifier to various char arrays of
constants. signed/unsigned fixes.
(ospf6_linkstate_table_show) argv is const
* ospf6_snmp.c: listnode typedef is dead.
(ospf6_snmp_init) Take struct thread_master arg, needed for
smux_init.
* ospf6_snmp.h: update ospf6_snmp_init declaration.
* ospf6d.c: (ospf6_init) add const qualifier to sargv, pass master
to ospf_snmp6_init.
* ospf6_asbr.c: const char update.
* ospf6_interface.c: ditto, plus signed/unsigned fixes.
(ipv6_ospf6_cost) Check whether cost fits in u_int32_t and use
strtoul.
* ospf6_intra.c: const char update. Parenthesise expression.
* ospf6_lsa.c: signed/unsigned and const char updates.
* ospf6_proto.c: ditto.
* ospf6_message.c: ditto.
* ospf6_lsdb.c: signed/unsigned update.
* ospf6_main.c: const char update.
* ospf6_neighbor.c: ditto.
* ospf6_spf.c: ditto.
* ospf6_top.c: ditto.
|
|
to ospf6_network.h.
|
|
ospf6_lsdb prototype declaration from ospf6_lsa.h. Report sent to Yasuhiro
Ohara as well.
|
|
fixes.
|
|
zclient changes.
|
|
* (many) reference <lib/version.h> rather than "version.h",
because version.h is a generated file and not present in the
source tree when using objdir builds.
(committed by gdt)
works fine with normal builds; didn't try objdir
|
|