From c2bfbcc38428b53e856617e1da8bbe9f8d2ee2fa Mon Sep 17 00:00:00 2001 From: paul Date: Fri, 4 Jun 2004 01:42:38 +0000 Subject: 2004-06-04 JJ Ludman * ripd.c: Interoperability fix. Correct value for MD5 auth length is 16. Accept packets with this set to >= 16, and set to 16 ourselves. --- ripd/ChangeLog | 6 ++++++ ripd/ripd.c | 16 +++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/ripd/ChangeLog b/ripd/ChangeLog index 932c6245..2b65db30 100644 --- a/ripd/ChangeLog +++ b/ripd/ChangeLog @@ -1,3 +1,9 @@ +2004-06-04 JJ Ludman + + * ripd.c: Interoperability fix. Correct value for MD5 auth length + is 16. Accept packets with this set to >= 16, and set to 16 + ourselves. + 2004-05-31 Sowmini Varadhan * ripd.c: Fixup compile warnings diff --git a/ripd/ripd.c b/ripd/ripd.c index 05fdeb97..7567ba2c 100644 --- a/ripd/ripd.c +++ b/ripd/ripd.c @@ -854,8 +854,17 @@ rip_auth_md5 (struct rip_packet *packet, struct sockaddr_in *from, if (ri->auth_type != RIP_AUTH_MD5 || ntohs (md5->type) != RIP_AUTH_MD5) return 0; - if (md5->auth_len != RIP_HEADER_SIZE + RIP_AUTH_MD5_SIZE) +/* + * If the authentication length is less than 16, then it must be wrong for + * any interpretation of rfc2082. + */ + if (md5->auth_len < RIP_AUTH_MD5_SIZE) + { + if (IS_RIP_DEBUG_EVENT) + zlog_info ("RIPv2 MD5 authentication, authentication length field too \ + short"); return 0; + } if (ri->key_chain) { @@ -888,7 +897,8 @@ rip_auth_md5 (struct rip_packet *packet, struct sockaddr_in *from, strncpy ((char *)md5data->digest, auth_str, RIP_AUTH_MD5_SIZE); md5_init_ctx (&ctx); - md5_process_bytes (packet, packet_len + md5->auth_len, &ctx); + md5_process_bytes (packet, packet_len + RIP_HEADER_SIZE + RIP_AUTH_MD5_SIZE, \ + &ctx); md5_finish_ctx (&ctx, digest); if (memcmp (pdigest, digest, RIP_AUTH_MD5_SIZE) == 0) @@ -972,7 +982,7 @@ rip_auth_md5_set (struct stream *s, struct interface *ifp) /* Auth Data Len. Set 16 for MD5 authentication data. */ - stream_putc (s, RIP_AUTH_MD5_SIZE + RIP_HEADER_SIZE); + stream_putc (s, RIP_AUTH_MD5_SIZE); /* Sequence Number (non-decreasing). */ /* RFC2080: The value used in the sequence number is -- cgit v1.2.1