proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-13 22:57:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ospfd: CVE-2011-3326 (uknown LSA type segfault)

Browse Source 
This vulnerability (CERT-FI #514837) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.

Quagga ospfd does not seem to handle unknown LSA types in a Link State
Update message correctly. If LSA type is something else than one
supported
by Quagga, the default handling of unknown types leads to an error.

* ospf_flood.c
  * ospf_flood(): check return value of ospf_lsa_install()
This commit is contained in:
CROSS 2011-09-26 13:17:21 +04:00 committed by Denis Ovsienko
parent 94431dbc75
commit 6b161fc12a
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ospfd/ospf_flood.c
View File

@ -319,7 +319,8 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr,
procedure cannot overwrite the newly installed LSA until procedure cannot overwrite the newly installed LSA until
MinLSArrival seconds have elapsed. */ MinLSArrival seconds have elapsed. */
new = ospf_lsa_install (ospf, nbr->oi, new); if (! (new = ospf_lsa_install (ospf, nbr->oi, new)))
return 0; /* unknown LSA type */
/* Acknowledge the receipt of the LSA by sending a Link State /* Acknowledge the receipt of the LSA by sending a Link State
Acknowledgment packet back out the receiving interface. */ Acknowledgment packet back out the receiving interface. */