proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-15 04:47:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ospfd: review ospf_check_auth()

Browse Source 
1. The only purpose of "ibuf" argument was to get stream size, which
was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized
in ospf_new().

2. Fix the packet size check condition, which was incorrect for very
large packets, at least in theory.
This commit is contained in:
Denis Ovsienko 2012-01-30 16:07:18 +04:00 committed by David Lamparter
parent 75c8eabbb5
commit e52591481e
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ospfd/ospf_packet.c
View File

@ -2260,8 +2260,7 @@ ospf_check_network_mask (struct ospf_interface *oi, struct in_addr ip_src)
}
static int
ospf_check_auth (struct ospf_interface *oi, struct stream *ibuf,
struct ospf_header *ospfh)
ospf_check_auth (struct ospf_interface *oi, struct ospf_header *ospfh)
{
int ret = 0;
struct crypt_key *ck;
@ -2287,7 +2286,7 @@ ospf_check_auth (struct ospf_interface *oi, struct stream *ibuf,
/* This is very basic, the digest processing is elsewhere */
if (ospfh->u.crypt.auth_data_len == OSPF_AUTH_MD5_SIZE &&
ospfh->u.crypt.key_id == ck->key_id &&
ntohs (ospfh->length) + OSPF_AUTH_SIMPLE_SIZE <= stream_get_size (ibuf))
ntohs (ospfh->length) + OSPF_AUTH_MD5_SIZE <= OSPF_MAX_PACKET_SIZE)
ret = 1;
else
ret = 0;
@ -2411,7 +2410,7 @@ ospf_verify_header (struct stream *ibuf, struct ospf_interface *oi,
return -1;
}
if (! ospf_check_auth (oi, ibuf, ospfh))
if (! ospf_check_auth (oi, ospfh))
{
zlog_warn ("interface %s: ospf_read authentication failed.",
IF_NAME (oi));