From 4de148e5d6f6f7885b2c0952a236a3bc3ec36250 Mon Sep 17 00:00:00 2001
From: Thomas Ries <tries@gmx.net>
Date: Thu, 27 Oct 2011 17:43:38 +0400
Subject: ospfd: improve fix to CVE-2011-3326 (BZ#586)

Make ospf_flood() propagate error returned by ospf_lsa_install() further
to properly discard the malformed LSA, not just prevent the immediate
crash.
---
 ospfd/ospf_flood.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ospfd/ospf_flood.c b/ospfd/ospf_flood.c
index 004ed1a7..2ebae89a 100644
--- a/ospfd/ospf_flood.c
+++ b/ospfd/ospf_flood.c
@@ -320,7 +320,7 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr,
      MinLSArrival seconds have elapsed. */  
 
   if (! (new = ospf_lsa_install (ospf, nbr->oi, new)))
-    return 0; /* unknown LSA type */
+    return -1; /* unknown LSA type or any other error condition */
 
   /* Acknowledge the receipt of the LSA by sending a Link State
      Acknowledgment packet back out the receiving interface. */
-- 
cgit v1.2.1