mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-11-08 12:18:42 +00:00

OSPF: Fix bad header length test

Thanks to Slava Aseev for the thorough bugreport.
Ondrej Zajicek (work) 2020-06-10 13:27:14 +02:00
parent 71e08edd94
commit 82937b465b


@ -441,7 +441,8 @@ ospf_rx_hook(sock *sk, uint len)
DROP("version mismatch", pkt->version); DROP("version mismatch", pkt->version);
uint plen = ntohs(pkt->length); uint plen = ntohs(pkt->length);
if ((plen < sizeof(struct ospf_packet)) || ((plen % 4) != 0)) uint hlen = sizeof(struct ospf_packet) + (ospf_is_v2(p) ? sizeof(union ospf_auth2) : 0);
if ((plen < hlen) || ((plen % 4) != 0))
DROP("invalid length", plen); DROP("invalid length", plen);
if (sk->flags & SKF_TRUNCATED) if (sk->flags & SKF_TRUNCATED)
@ -462,9 +463,8 @@ ospf_rx_hook(sock *sk, uint len)
if (ospf_is_v2(p) && (pkt->autype != OSPF_AUTH_CRYPT)) if (ospf_is_v2(p) && (pkt->autype != OSPF_AUTH_CRYPT))
{ {
uint hlen = sizeof(struct ospf_packet) + sizeof(union ospf_auth2);
uint blen = plen - hlen;
void *body = ((void *) pkt) + hlen; void *body = ((void *) pkt) + hlen;
uint blen = plen - hlen;
if (!ipsum_verify(pkt, sizeof(struct ospf_packet), body, blen, NULL)) if (!ipsum_verify(pkt, sizeof(struct ospf_packet), body, blen, NULL))
DROP("invalid checksum", ntohs(pkt->checksum)); DROP("invalid checksum", ntohs(pkt->checksum));
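Review bot: In the second hunk `uint blen = plen - hlen;` is an unsigned subtraction that is safe only because of the `plen < hlen` test added in the first hunk, and neither site says so. With the old test, an OSPFv2 packet whose length field was at least sizeof(struct ospf_packet) but smaller than the header plus union ospf_auth2 got past the length check, so blen wrapped and ipsum_verify() was given a very large body length. I would add a comment at the hlen definition, for example `/* OSPFv2 header also carries union ospf_auth2; plen >= hlen is relied on by blen = plen - hlen below */`, so a later refactor does not separate the two again. The comparison of plen against the received length `len` is not visible in these hunks, so it is worth confirming that it still runs before the checksum block; ospf_rx_hook starts and ends outside the hunks.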