From b29adf9c3e69f298f748564a20abdf7274bbc549 Mon Sep 17 00:00:00 2001
From: Denis Ovsienko <infrastation@yandex.ru>
Date: Mon, 20 Feb 2012 23:08:10 +0400
Subject: ospfd: fix packet length check for auth/LLS cases

An OSPFv2 packet with trailing data blocks (authentication and/or
link-local signaling) failed the recently implemented packet length
check, because trailing data length isn't counted in the packet header
"length" field. This commit fixes respective check conditions.

* ospf_packet.c
  * ospf_packet_examin(): use "bytesdeclared" instead of "bytesonwire"
---
 ospfd/ospf_packet.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index 68c25790..3d827296 100644
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -2564,7 +2564,7 @@ ospf_packet_examin (struct ospf_header * oh, const unsigned bytesonwire)
   case OSPF_MSG_HELLO:
     /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes followed
        by N>=0 router-IDs. */
-    ret = (bytesonwire - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE) % 4 ? MSG_NG : MSG_OK;
+    ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE) % 4 ? MSG_NG : MSG_OK;
     break;
   case OSPF_MSG_DB_DESC:
     /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes followed
@@ -2572,14 +2572,14 @@ ospf_packet_examin (struct ospf_header * oh, const unsigned bytesonwire)
     ret = ospf_lsaseq_examin
     (
       (struct lsa_header *) ((caddr_t) oh + OSPF_HEADER_SIZE + OSPF_DB_DESC_MIN_SIZE),
-      bytesonwire - OSPF_HEADER_SIZE - OSPF_DB_DESC_MIN_SIZE,
+      bytesdeclared - OSPF_HEADER_SIZE - OSPF_DB_DESC_MIN_SIZE,
       1, /* header-only LSAs */
       0
     );
     break;
   case OSPF_MSG_LS_REQ:
     /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes request blocks. */
-    ret = (bytesonwire - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE) %
+    ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE) %
       OSPF_LSA_KEY_SIZE ? MSG_NG : MSG_OK;
     break;
   case OSPF_MSG_LS_UPD:
@@ -2589,7 +2589,7 @@ ospf_packet_examin (struct ospf_header * oh, const unsigned bytesonwire)
     ret = ospf_lsaseq_examin
     (
       (struct lsa_header *) ((caddr_t) lsupd + OSPF_LS_UPD_MIN_SIZE),
-      bytesonwire - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
+      bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
       0, /* full LSAs */
       ntohl (lsupd->num_lsas) /* 32 bits */
     );
@@ -2599,7 +2599,7 @@ ospf_packet_examin (struct ospf_header * oh, const unsigned bytesonwire)
     ret = ospf_lsaseq_examin
     (
       (struct lsa_header *) ((caddr_t) oh + OSPF_HEADER_SIZE + OSPF_LS_ACK_MIN_SIZE),
-      bytesonwire - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
+      bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
       1, /* header-only LSAs */
       0
     );
-- 
cgit v1.2.1