David Lamparter 23cd8fb713 ospfd: protect vs. VU#229804 (malformed Router-LSA)
VU#229804 reports that, by injecting Router LSAs with the Advertising
Router ID different from the Link State ID, OSPF implementations can be
tricked into retaining and using invalid information.

Quagga is not vulnerable to this because it looks up Router LSAs by
(Router-ID, LS-ID) pair.  The relevant code is in ospf_lsa.c l.3140.
Note the double "id" parameter at the end.

Still, we can provide an improvement here by discarding such malformed
LSAs and providing a warning to the administrator.  While we cannot
prevent such malformed LSAs from entering the OSPF domain, we can
certainly try to limit their distribution.

cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.
This issue is a specification issue in the OSPF protocol that was
discovered by Dr. Gabi Nakibly.

Reported-by: CERT Coordination Center <cert@cert.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-08-06 12:41:46 +02:00
babeld *: use array_size() helper macro 2012-10-25 10:15:59 -07:00
bgpd bgpd, zebra: support NEXTHOP_IPV4_IFINDEX in bgp import check 2013-08-06 12:41:46 +02:00
doc doc: fix makeinfo errors and one warning 2013-04-09 17:04:25 +02:00
fpm fpm: Add public header for Forwarding Plane Manager 2012-11-30 21:41:17 +01:00
init build: delete .cvsignore files 2011-12-13 14:27:01 +04:00
isisd isisd, ospf6d: use bug-report information from autoconf 2013-07-31 17:58:05 +02:00
lib lib: unconditionally include stddef.h 2013-07-30 18:14:13 +02:00
m4 build: fix "pragma weak" mixups 2013-02-09 03:00:12 +01:00
ospf6d isisd, ospf6d: use bug-report information from autoconf 2013-07-31 17:58:05 +02:00
ospfclient build: correct libtool parameter used within Makefiles 2012-09-25 05:56:00 +02:00
ospfd ospfd: protect vs. VU#229804 (malformed Router-LSA) 2013-08-06 12:41:46 +02:00
pkgsrc build: delete .cvsignore files 2011-12-13 14:27:01 +04:00
ports build: delete .cvsignore files 2011-12-13 14:27:01 +04:00
redhat build: update quagga.spec.in 2013-02-23 19:43:18 +01:00
ripd ripd: correctly redistribute ifindex routes (BZ#664) 2013-04-09 22:33:19 +02:00
ripngd *: use array_size() helper macro 2012-10-25 10:15:59 -07:00
solaris build: delete .cvsignore files 2011-12-13 14:27:01 +04:00
tests tests: don't build tests unless make check is run 2013-07-15 08:50:38 -04:00
tools tools: use standard interpreter path in all Perl scripts 2012-04-30 16:13:47 +02:00
vtysh vtysh: don't append superfluous spaces (BZ#750) 2013-07-31 17:58:05 +02:00
watchquagga *: use array_size() helper macro 2012-10-25 10:15:59 -07:00
zebra bgpd, zebra: support NEXTHOP_IPV4_IFINDEX in bgp import check 2013-08-06 12:41:46 +02:00
.gitignore testzebra: pragma weak: detect systems with weak alias and provide alternative 2013-01-11 21:50:06 +01:00
AUTHORS Initial revision 2002-12-13 20:15:29 +00:00
bootstrap.sh autoreconf -i 2007-02-06 19:28:28 +00:00
buildtest.sh tests: add DejaGNU framework 2013-04-14 16:01:05 +02:00
ChangeLog [trivia] Make 'make dist' happy about ChangeLog expunge 2008-08-23 08:36:42 +01:00
configure.ac tests: DejaGNU libzebra 2013-04-14 16:01:19 +02:00
COPYING Initial revision 2002-12-13 20:15:29 +00:00
COPYING.LIB Initial revision 2002-12-13 20:15:29 +00:00
HACKING.pending HACKING.pending: Add Quagga-RE details 2012-03-02 11:56:38 +00:00
HACKING.tex HACKING.tex: Change to a LaTeX version of HACKING 2012-03-08 16:14:13 +00:00
INSTALL.quagga.txt doc: Modernize INSTALL.quagga.txt. 2013-07-15 10:17:06 -04:00
Makefile.am build: fix dist tarball 2012-12-13 11:04:37 +01:00
NEWS doc: update NEWS for 0.99.22 changes 2013-02-01 17:55:05 +01:00
README 2004-11-12 Paul Jakma <paul@dishone.st> 2004-11-12 10:30:21 +00:00
README.NetBSD Omit --opaque-lsa from build (now default). 2011-06-28 15:05:05 -04:00
REPORTING-BUGS Update for git and emphasize asking for good reports. 2010-05-05 07:51:26 -04:00
SERVICES 2607/tcp is already used by ospfapi. 2003-12-23 10:42:45 +00:00
stamp-h.in Initial revision 2002-12-13 20:15:29 +00:00
TODO doc: update TODO for ospf6d work & bgp multipath 2013-04-16 11:56:11 +02:00
update-autotools * README.NetBSD: use update-autotools instead of autoreconf 2007-02-02 16:52:38 +00:00

Quagga is free software that manages various IPv4 and IPv6 routing
protocols.

Currently Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1,
RIPv2, and RIPng as well as very early support for IS-IS.
  
See the file INSTALL.quagga.txt for building and installation instructions.
  
See the file REPORTING-BUGS to report bugs.
  
Quagga is free software. See the file COPYING for copying conditions.
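
The check described in the latest commit message above (drop a Router-LSA whose Advertising Router differs from its Link State ID), sketched as an added example that is not code from the Quagga tree. The function name `check_lsa`, the verdict enum and the sample byte arrays are assumptions constructed for illustration; the header offsets follow RFC 2328.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LSA_HEADER_SIZE 20 /* RFC 2328 A.4.1: fixed LSA header */
#define LSA_TYPE_ROUTER 1

enum lsa_verdict { LSA_OK, LSA_TRUNCATED, LSA_BAD_LENGTH, LSA_ID_MISMATCH };

/* Hypothetical helper (not Quagga's function): vet one received LSA.
 * Header offsets: age 0, options 2, type 3, Link State ID 4,
 * Advertising Router 8, sequence 12, checksum 16, length 18. */
enum lsa_verdict check_lsa(const uint8_t *buf, size_t avail)
{
    size_t length;

    if (avail < LSA_HEADER_SIZE)
        return LSA_TRUNCATED;
    length = ((size_t)buf[18] << 8) | buf[19];
    if (length < LSA_HEADER_SIZE || length > avail)
        return LSA_BAD_LENGTH;
    /* Only Router-LSAs must carry LS ID == Advertising Router; other
     * types use the LS ID differently (a Network-LSA holds the DR's
     * interface address there), so the test is scoped by type. */
    if (buf[3] == LSA_TYPE_ROUTER && memcmp(buf + 4, buf + 8, 4) != 0)
        return LSA_ID_MISMATCH;
    return LSA_OK;
}

/* Constructed samples; checksums are zeroed and not verified here. */
const uint8_t good_router_lsa[24] = { 0,1, 2, 1, 192,0,2,1, 192,0,2,1,
    0x80,0,0,1, 0,0, 0,24, 0,0,0,0 };
const uint8_t bad_router_lsa[24] = { 0,1, 2, 1, 192,0,2,1, 192,0,2,99,
    0x80,0,0,1, 0,0, 0,24, 0,0,0,0 };
const uint8_t network_lsa[28] = { 0,1, 2, 2, 192,0,2,5, 192,0,2,1,
    0x80,0,0,1, 0,0, 0,28, 255,255,255,0, 192,0,2,1 };

int main(void)
{
    printf("good router-LSA: %d\n", check_lsa(good_router_lsa, sizeof good_router_lsa));
    printf("bad router-LSA:  %d\n", check_lsa(bad_router_lsa, sizeof bad_router_lsa));
    printf("network-LSA:     %d\n", check_lsa(network_lsa, sizeof network_lsa));
    return 0;
}
```

A caller would discard the LSA and log a warning on `LSA_ID_MISMATCH`, instead of installing it in the database or flooding it further.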