author | 2013-08-14 20:16:09 +0000 | |
---|---|---|
committer | 2013-08-14 20:16:09 +0000 | |
commit | 3499042cfad73c5099cdac091da4c2038340b794 (patch) | |
tree | 4ab091890314b4ba40b460e652771f51dc33e670 | |
parent | editing blip in previous; (diff) | |
Enforce that the ls_id and the adv_rtr field in a type 1 router LSA are
the same. This will drop updates trying to attack the OSPF LSDB. For
ospfd such bad router LSA were never a problem since the LSA lookup always
includes the ls_id and adv_rtr -- so the bad packets would have never been
picked up by the SPF calculation.
OK bluhm@ benno@
-rw-r--r-- | usr.sbin/ospfd/rde_lsdb.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/ospfd/rde_lsdb.c b/usr.sbin/ospfd/rde_lsdb.c index d4b0e150be2..115eb44ab93 100644 --- a/usr.sbin/ospfd/rde_lsdb.c +++ b/usr.sbin/ospfd/rde_lsdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde_lsdb.c,v 1.48 2013/01/17 10:07:56 markus Exp $ */ +/* $OpenBSD: rde_lsdb.c,v 1.49 2013/08/14 20:16:09 claudio Exp $ */ /* * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org> @@ -300,6 +300,11 @@ lsa_router_check(struct lsa *lsa, u_int16_t len) return (0); } + if (lsa->hdr.ls_id != lsa->hdr.adv_rtr) { + log_warnx("lsa_check: invalid LSA router packet, bad adv_rtr"); + return (0); + } + nlinks = ntohs(lsa->data.rtr.nlinks); if (nlinks == 0) { log_warnx("lsa_check: invalid LSA router packet"); |
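Review bot: the warning added under `if (lsa->hdr.ls_id != lsa->hdr.adv_rtr)` in lsa_router_check() says only "bad adv_rtr", so someone reading the log cannot tell which ls_id and adv_rtr the rejected LSA carried. The commit message describes this check as dropping updates that try to attack the LSDB, so it would help to include both fields in the log_warnx() message, which lets the event be tied back to a neighbor. A short comment above the test stating that a type 1 router LSA must have ls_id equal to adv_rtr would also keep the reason for the check in the code rather than only in the commit log. The comparison itself looks fine on the raw header fields, since only equality is tested and no byte-order conversion is needed for that.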