author | 2009-11-12 22:29:15 +0000 | |
---|---|---|
committer | 2009-11-12 22:29:15 +0000 | |
commit | c28dba30cbdcd185dd5c2bda969c8df49542edc9 (patch) | |
tree | 5bb6346cdc84403bae390a72d8d07745dcda5fbd | |
parent | get_rtr_link and get_net_link are not supposed to fail and returning (diff) | |
Add more paranoia in lsa_router_check(). There needs to be at least one
router link in a type-1 LSA.
-rw-r--r-- | usr.sbin/ospfd/rde_lsdb.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.sbin/ospfd/rde_lsdb.c b/usr.sbin/ospfd/rde_lsdb.c
index d860c260ce1..df30c01e91a 100644
--- a/usr.sbin/ospfd/rde_lsdb.c
+++ b/usr.sbin/ospfd/rde_lsdb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rde_lsdb.c,v 1.42 2009/01/07 21:16:36 claudio Exp $ */
+/* $OpenBSD: rde_lsdb.c,v 1.43 2009/11/12 22:29:15 claudio Exp $ */
 /*
 * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
@@ -260,6 +260,10 @@ lsa_router_check(struct lsa *lsa, u_int16_t len)
 }
 nlinks = ntohs(lsa->data.rtr.nlinks);
+ if (nlinks == 0) {
+ log_warnx("lsa_check: invalid LSA router packet");
+ return (0);
+ }
 for (i = 0; i < nlinks; i++) {
 rtr_link = (struct lsa_rtr_link *)(buf + off);
 off += sizeof(struct lsa_rtr_link);
 |
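Review bot: The warning emitted by the new `nlinks == 0` check in the second hunk names `lsa_check` rather than `lsa_router_check` and gives no reason, so someone triaging rejected LSAs in the log cannot tell a zero-link router LSA from any other malformed-packet rejection. I would make the message specific, e.g. `log_warnx("lsa_router_check: router LSA with zero links");`, and add a one-line comment above the check saying that a type-1 LSA must carry at least one link. `nlinks` is read straight from the received packet and the loop that follows casts `buf + off` to a link structure, so the comparison of `off` against `len` inside the loop still has to bound every iteration; that part of `lsa_router_check` lies outside the hunk and could not be confirmed here.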