summaryrefslogtreecommitdiff
path: root/ospf6d
AgeCommit message (Collapse)Author
2011-09-26ospf6d: CVE-2011-3323 (fortify packet reception)Denis Ovsienko
This vulnerability (CERT-FI #514840) was reported by CROSS project. ospf6d processes IPv6 prefix structures in incoming packets without verifying that the declared prefix length is valid. This leads to a crash caused by out of bounds memory access. * ospf6_abr.h: new macros for size/alignment validation * ospf6_asbr.h: idem * ospf6_intra.h: idem * ospf6_lsa.h: idem * ospf6_message.h: idem * ospf6_proto.h: idem * ospf6_message.c * ospf6_packet_minlen: helper array for ospf6_packet_examin() * ospf6_lsa_minlen: helper array for ospf6_lsa_examin() * ospf6_hello_recv(): do not call ospf6_header_examin(), let upper layer verify the input data * ospf6_dbdesc_recv(): idem * ospf6_lsreq_recv(): idem * ospf6_lsupdate_recv(): idem * ospf6_lsack_recv(): idem * ospf6_prefixes_examin(): new function, implements A.4.1 * ospf6_lsa_examin(): new function, implements A.4 * ospf6_lsaseq_examin(): new function, an interface to above * ospf6_packet_examin(): new function, implements A.3 * ospf6_rxpacket_examin(): new function, replaces ospf6_header_examin() * ospf6_header_examin(): sayonara * ospf6_receive(): perform passive interface check earliest possible, employ ospf6_rxpacket_examin()
2011-09-26ospf6d: CVE-2011-3324 (DD LSA assertion)Denis Ovsienko
This vulnerability (CERT-FI #514839) was reported by CROSS project. When Database Description LSA header list contains trailing zero octets, ospf6d tries to process this data as an LSA header. This triggers an assertion in the code and ospf6d shuts down. * ospf6_lsa.c * ospf6_lsa_is_changed(): handle header-only argument(s) appropriately, do not treat LSA length underrun as a fatal error.
2011-09-25ospf6d: Fix memory allocation issues in SPFTom Goff
* ospf6_area.c: Call ospf6_spf_table_finish() before deleting the spf table. This ensures that the associated ospf6_vertex structures are also freed. * ospf6_spf.c: Only allocate a priority queue when a spf calculation is actually performed.
2011-09-25ospf6d: Extend the "[no] debug ospf6 route" vty commandsTom Goff
* ospf6_route.c ([no_]debug_ospf6_route) Include memory as a debug option. This allows ospf6 route memory debugging to be enabled or disabled interactively or from a config file.
2011-09-25ospf6d: add lost lines to area config blockJon Andersson
* ospf6_area.c * ospf6_area_config_write(): write filter-list, import-list and export-list lines
2011-09-25ospf6d: fix crash on filter-list handling (BZ#530)Christian Hammers
This essentially merges the fix available from Debian build of Quagga. * ospf6_area.c * area_filter_list(): use correct argv indices * no_area_filter_list(): idem
2011-08-27ospf6d: address more trivial compiler warningsDenis Ovsienko
* ospf6_main.c: include required headers * ospf6_asbr.h: idem * ospf6_spf.c * ospf6_spf_install(): remove unused variables
2011-08-20ospf6d: add missing includeDenis Ovsienko
Two extern declarations in ospf6_abr.h are based on struct ospf6_route, which may not be available at the time ospf6_abr.h is included. This may lead to warnings after including ospf6_abr.h just for the structures defined in it.
2011-08-20ospf6d: ospf6_lsa_cmd_init() does not existDenis Ovsienko
2011-08-20ospf6d: move named constants to ospf6d.hDenis Ovsienko
2011-08-19ospf6d: justify some ABR debug codeDenis Ovsienko
* ospf6_abr.c * ospf6_abr_examin_summary(): only fill "buf" when it is used
2011-08-19ospf6d: spellingDenis Ovsienko
2011-08-01ospf6d: Remove obsolete codeTom Goff
* ospf6_area.c: (ospf6_area_delete) Get rid of unused code that refers to a nonexistent function and structure member.
2011-07-12ospf6d: check MTU with message header size in mindDmitrij Tejblum
* ospf6_message.c: (ospf6_packet_max): new function, return maximum IPv6 payload on an interface; (ospf6_hello_send, ospf6_dbdesc_send, ospf6_dbdesc_send_newone, ospf6_lsreq_send, ospf6_lsupdate_send_neighbor, ospf6_lsupdate_send_interface, ospf6_lsack_send_neighbor, ospf6_lsack_send_interface): compare message size with the maximum payload instead of the MTU.
2011-07-12ospf6d: copy "mtu-ignore" option from ospfdDmitrij Tejblum
"mtu-ignore" is an option ospfd used to mimic from the vendor's implementation, now ospf6d will also implement it. * ospf6_interface.h: extend ospf6_interface structure by one flag * ospf6_interface.c: (ipv6_ospf6_mtu_ignore, no_ipv6_ospf6_mtu_ignore): new declarations; (ospf6_interface_create): show initial value for consistency; (ospf6_interface_show): print flag status * ospf6_message.c: (ospf6_dbdesc_recv): consider interface-specific flag when checking MTU
2011-07-04ospf6d: fix crash in SPF calculationDmitrij Tejblum
* ospf6_spf.c: Don't replace a node with another node with a lower number of hops, instead get them from the queue in the correct order. (Actually, the replacement crashed the ospf6d daemon rather than worked.) (cherry picked from commit 403138e189c24f6867824c4eeb668d11564e1ca0)
2010-04-28ospf6d: Fix crash when '[no] ipv6 ospf6 advertise prefix-list' is in ↵David Ward
startup-config * ospf6_interface.c: When '[no] ipv6 ospf6 advertise prefix-list' appears in the startup configuration for ospf6d, a crash occurs, because ospf6d attempts to schedule LSAs when the 'oi->area' structure has not yet been initialized. Now, when the command above is issued (either in the startup configuration or at runtime), ospf6d will only schedule LSAs if the 'oi->area' structure has been initalized. A similar test is already used when handling the commands 'ipv6 ospf6 priority' and 'ipv6 ospf6 cost'.
2009-12-10ospf6d: remove dead codeStephen Hemminger
* ospf6d/ospf6_interface.c * loopind(): sayonara * ospf6d/ospf6_top.c * ospf6_delete(): comment out, it might be useful if real shutdown is added
2009-12-10ospf6d: fix warnings from recent prefix bit commitStephen Hemminger
* lib/prefix.h * prefix6_bit(): add IPv6 wrapper for prefix_bit() * ospf6d/ospf6_lsdb.c * ospf6_lsdb_type_router_head(): employ prefix6_bit() * ospf6_lsdb_type_head(): idem
2009-12-09lib: move check_bit into prefix common codeStephen Hemminger
Make one version of check prefix bit, and put it inline with proper prototype. This gets rid of some macro's and also some assert() that can never happen on a non-broken compiler. * bgpd/bgp_table.c * CHECK_BIT(): sayonara * check_bit(): sayonara * SET_LINK(): sayonara * set_link(): make use of prefix_bit() instead of check_bit() * bgp_node_match(): idem * bgp_node_lookup(): idem * bgp_node_get(): idem * lib/prefix.h * prefix_bit(): new inline version of check_bit() * lib/table.c * CHECK_BIT(): sayonara * check_bit(): sayonara * SET_LINK(): sayonara * set_link(): make use of prefix_bit() instead of check_bit() * route_node_match(): idem * route_node_lookup(): idem * route_node_get(): idem * ospf6d/ospf6_lsdb.c * CHECK_BIT(): sayonara * ospf6_lsdb_lookup_next(): make use of prefix_bit() instead of CHECK_BIT() * ospf6_lsdb_type_router_head(): idem * ospf6_lsdb_type_head(): idem * ospf6d/ospf6_route.c * CHECK_BIT(): sayonara * ospf6_route_match_head() make use of prefix_bit() instead of * CHECK_BIT()
2009-12-07ospf6d: review LSA sequence number comparisonOndrej Zajicek
It seems that there is a bug in ospf6d in ospf6_lsa_compare(): If LSA A has sequence number smaller than 0x80000000 and LSA B has sequence number larger than 0x80000000, ospf6_lsa_compare() returns that B is more recent than A, although RFC says that sequence numbers should be compared as signed numbers (0x8000001 smallest and 0x7FFFFFFF largest). In ospfd, the function ospf_lsa_more_recent() has it right. The problem appears when Quagga is used together with OSPFv3 in development version of BIRD daemon ( http://bird.network.cz/ ), which creates LSAs with maximum sequence number (0x7FFFFFFF) as a part of flushing/premature aging LSA from OSPF area. Because both daemons has different idea of which LSA instance is more recent, it would lead to LSA storm.
2009-12-01ospf6d: fix LSA locking in ospf6_new_ls_id()Tom Goff
* ospf6_lsdb.c: (ospf6_new_ls_id) Unlock the current LSA when breaking out of the ospf6_lsdb_*_head() / ospf6_lsdb_*_next() loop early. No explicit unlocking is needed when all LSAs are looped through because ospf6_lsdb_*_next() manages everything in that case.
2009-08-28ospf6d: bug #529, fix endianness problem in earlier commit Tom Henderson
* ospf6_lsa.c: (ospf6_lsa_age_current) arithmetical compares make no sense in non-host order..
2009-08-13all: check return value from daemon() callStephen Hemminger
* */*main.c: (main) Current versions of Gcc warn if the return value for daemon() is not checked. So add a simple test and exit on failure.
2009-07-28[global] interface flags format warningsStephen Hemminger
*/*: ifp->flags is 64 bit unsigned which can not be handled by %l on 32 bit architectures - requires %ll and the appropriate cast.
2009-07-16[ospf6d] Fix regression in monotonic time patch - LSA max-aging brokeTom Henderson
* ospf6_lsa.c: (ospf6_lsa_premature_aging) set age to MAX_AGE - don't rely on 0 magically meaning same. (ospf6_lsa_age_current) handle MAXAGE.
2009-06-22Convert ospf6d over to quagga_gettime() wrappers.Takashi Sogabe
2009-06-18[ospf6d] Remove 'no router' from OSPF6_NODEStephen Hemminger
Don't need command twice.
2009-06-18[ospf6d] Fix ospf6d crash if removing interface with no areaJon
ospf6d will crash if attempting to remove interface when no areas have been defined Check if any areas have been defined. Should prevent use of empty pointer.
2009-06-18[ospf6d] Fix ospf6d crash in show border routersJon
ospf6d will crash if this command is executed on a non-border-router. Included test to verify that any routes are defined, preventing empty pointer from being used.
2009-06-18[ospf6] Add no router ospf6Jon
Suggestion: Makes no sense to me that the statement to remove ospf6 configuration is located in OSPF6D_NODE. Moved to CONFIG_NODE next to matching define command.
2009-06-18[ospf6d] Fix ospf6d crash if range defined twiceJon
ospf6d will crash if the same range is defined twice. There was no check if the same range had previously been defined, thereby causing a later assert to fail.
2009-06-12[cleanup] Make command nodes staticStephen Hemminger
The cmd_nodes used to configure vty, can mostly be static so (basic data hiding 101).
2009-06-12[cleanup] Convert XMALLOC/memset to XCALLOCStephen Hemminger
Simple conversion of XMALLOC/memset to XCALLOC
2009-06-02[snmp] Compiler warning fixes for when "--enable-snmp" is configured.Chris Caputo
Compiled on 32-bit and 64-bit linux gcc 4.1.2 platforms. No run-time testing on 32-bit and limited run-time testing on 64-bit.
2008-08-25Make --enable-snmp cross compile and make libcrypto optional with ↵Joakim Tjernlund
--without-crypto Autoconfig work by me, the rest was done by "Kirill K. Smirnov" <lich@math.spbu.ru>
2008-08-22[administrivia] Update gitignore filesPaul Jakma
- Add more stuff, archive libraries, etc..
2008-08-22[administrivia] Git should ignore backup files and .loT filesPaul Jakma
2008-08-22[trivia] Remove ChangeLog files, as this data is now maintained in SCMPaul Jakma
2008-08-22[trivia] finish off static'ification of ospf6d and ripngdPaul Jakma
2008-08-15 Paul Jakma <paul.jakma@sun.com> * {ospf6d,ripngd}/*: Finish job of marking functions as static, or exporting declarations for them, to quell warning noise with Quagga's GCC default high-level of warning flags. Thus allowing remaining, more useful warnings to be more easily seen.
2008-08-22[build] Test for GNU-style PIE support in toolchain and enablePaul P Komkoff Jr
2008-08-13 Paul P Komkoff Jr <i@stingr.net> * configure.ac: add a configure flag and autoconf macro, which will determine if your toolchain supports PIE. * */Makefile.am: add corresponding CFLAGS and LDFLAGS into appropriate places. Signed-off-by: Paul Jakma <paul@quagga.net>
2008-08-22[administrivia] Add .gitignore files, based on .cvsignores.Paul Jakma
2008-05-29[daemons] Sanity check port number arguments before usePaul Jakma
2008-05-29 Martin Nagy <mnagy@redhat.com> * */*main.c: Sanity check port numbers before using.
2008-02-26[c++] remove/rename some names in headers that clash with C++ reserved wordsPaul Jakma
2008-01-30 Peter Szilagyi <sp615@hszk.bme.hu> * lib/stream.h: Remove named 'new' parameter in prototype for c++ header compatibility. * ospfd/ospf_opaque.h: ditto * ospfd/ospfd.h: Renamed struct export to _export for c++ header compatibility. * ospf6d/ospf6_area.h: ditto
2007-10-22[ospf6d] Fix removal of defunct ASBR routesPaul Jakma
2007-10-22 Phil Spagnolo <phillip.a.spagnolo@boeing.com> * ospf6_asbr.c: (ospf6_asbr_lsentry_remove) Remove shortcut of LSDB search - it's based on assumption non-BEST routes can't have ASBR routes, which appears to be wrong. Safest to search.
2007-06-07[ospf6d] Fix silly bug: muse use strcmp to compare stringsAndrew J. Schorr
2007-06-07 Pavol Rusnak <prusnak@suse.cz> * ospf6_lsa.c: (no_debug_ospf6_lsa_hex_cmd) Fix bug: must use strcmp to compare strings.
2007-04-27[64-bit] Fix 4 problems with printf formats and 64-bit size_tAndrew J. Schorr
2007-04-27 Andrew J. Schorr <ajschorr@alumni.princeton.edu> * lib/smux.c: (smux_trap) Fix printf format to work with 64-bit size_t. * ospf6d/ospf6_snmp.c: (ospfv3AreaEntry, ospfv3AreaLsdbEntry) Fix some zlog_debug printf formats to work with 64-bit size_t.
2007-03-08[ospf6d] Bug 322: ospf6d show ipv6 neighbour showing wrong timesPaul Jakma
2007-03-08 David Siebörger d.sieborger@ru.ac.za * ospf6_neighbor.c: (ospf6_neighbor_show) Fix bug #322, ospf6d wasn't updated to match thread times changing to relative time.
2007-02-27[ospf6d] Fix string comparison bug in ospf6_lsa_handler_name.Andrew J. Schorr
2007-02-27 Pavol Rusnak <prusnak@suse.cz> * ospf6_lsa.c: (ospf6_lsa_handler_name) Fix bug: must use strcmp to compare strings.
2007-02-02ospf6d.h: remove declaration of errno (should be via header)Greg Troxel
(from pkgsrc)