mirror_frr/ospfd
David Lamparter 23cd8fb713 ospfd: protect vs. VU#229804 (malformed Router-LSA)
VU#229804 reports that, by injecting Router LSAs with the Advertising
Router ID different from the Link State ID, OSPF implementations can be
tricked into retaining and using invalid information.

Quagga is not vulnerable to this because it looks up Router LSAs by
(Router-ID, LS-ID) pair.  The relevant code is in ospf_lsa.c l.3140.
Note the double "id" parameter at the end.

Still, we can provide an improvement here by discarding such malformed
LSAs and providing a warning to the administrator.  While we cannot
prevent such malformed LSAs from entering the OSPF domain, we can
certainly try to limit their distribution.

cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.
This issue is a specification issue in the OSPF protocol that was
discovered by Dr. Gabi Nakibly.

Reported-by: CERT Coordination Center <cert@cert.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-08-06 12:41:46 +02:00
.gitignore [administrivia] Git should ignore backup files and .loT files 2008-08-22 20:00:46 +01:00
ChangeLog.opaque.txt Initial revision 2003-02-03 16:31:16 +00:00
Makefile.am build: correct libtool parameter used within Makefiles 2012-09-25 05:56:00 +02:00
ospf_abr.c ospfd: Corrected ospfd Type-4/Type-5 ls update handling 2013-01-07 10:00:00 -08:00
ospf_abr.h 2005-09-29 Alain Ritoux <alain.ritoux@6wind.com> 2005-09-29 13:52:57 +00:00
ospf_api.c ospfd: CVE-2013-2236, stack overrun in apiserver 2013-07-28 16:13:10 +02:00
ospf_api.h 2005-05-06 Paul Jakma <paul.jakma@sun.com> 2005-05-06 21:37:42 +00:00
ospf_apiserver.c ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
ospf_apiserver.h ospf: Fix OSPF API and ospf-te LSA refreshers to match recent API change 2011-04-13 15:13:33 +01:00
ospf_asbr.c ospfd: avoid redundant lookup in ospf_redistribute_withdraw 2011-12-06 15:02:52 +04:00
ospf_asbr.h [ospfd] CID #28, remove another ospf_lookup call - ospf_redistribute_withdraw 2006-05-12 23:02:46 +00:00
ospf_ase.c ospfd: address more trivial compiler warnings 2012-01-08 11:43:07 +00:00
ospf_ase.h 2005-05-06 Paul Jakma <paul.jakma@sun.com> 2005-05-06 21:37:42 +00:00
ospf_dump.c ospfd: introduce ospf_auth_type_str[] 2012-03-12 11:05:34 +01:00
ospf_dump.h ospfd: introduce ospf_auth_type_str[] 2012-03-12 11:05:34 +01:00
ospf_flood.c ospfd: improve fix to CVE-2011-3326 (BZ#586) 2011-11-15 20:50:48 +04:00
ospf_flood.h ospfd: Fix maxage/flush to not try flood twice, remember maxages for longer 2010-12-08 17:13:19 +00:00
ospf_ia.c [ospfd] CID #14, NULL check ospf->backbone before use, ospf_update_router_route 2006-05-12 23:04:45 +00:00
ospf_ia.h 2005-05-06 Paul Jakma <paul.jakma@sun.com> 2005-05-06 21:37:42 +00:00
ospf_interface.c ospfd: Optimize and improve SPF nexthop calculation 2012-07-25 18:07:30 +02:00
ospf_interface.h ospfd: Optimize and improve SPF nexthop calculation 2012-07-25 18:07:30 +02:00
ospf_ism.c ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
ospf_ism.h [ospfd] Make OSPF_ISM_TIMER_OFF macro safer. 2005-11-16 19:33:22 +00:00
ospf_lsa.c ospfd: fix flooding procedure 2013-04-20 06:14:27 +02:00
ospf_lsa.h ospfd: fix flooding procedure 2013-04-20 06:14:27 +02:00
ospf_lsdb.c ospf: Convert MAX_AGE LSA list to tree 2013-01-07 09:59:43 -08:00
ospf_lsdb.h ospf: Convert MAX_AGE LSA list to tree 2013-01-07 09:59:43 -08:00
ospf_main.c ospf: fix apiserver enable 2013-01-07 09:59:46 -08:00
ospf_neighbor.c [cleanup] Convert XMALLOC/memset to XCALLOC 2009-06-12 17:07:49 +01:00
ospf_neighbor.h [ospfd] Additional NSM neighbour state change stats/information 2006-07-25 20:44:12 +00:00
ospf_network.c ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
ospf_network.h ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
ospf_nsm.c ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
ospf_nsm.h ospfd: Update nsm_change_state to static scope, as it is not called from elsewhere 2013-01-07 09:59:57 -08:00
ospf_opaque.c ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
ospf_opaque.h ospfd: Compile fix for opaque support 2011-03-22 15:23:55 +00:00
ospf_packet.c ospfd: protect vs. VU#229804 (malformed Router-LSA) 2013-08-06 12:41:46 +02:00
ospf_packet.h ospfd: introduce ospf_lsa_minlen[] (BZ#705) 2012-03-12 11:05:28 +01:00
ospf_route.c ospf: suppress delete using replacement 2013-01-07 09:59:40 -08:00
ospf_route.h ospfd: blackhole route removal for area range 2012-10-25 10:15:58 -07:00
ospf_routemap.c ospfd: Fixed signed/unsigned masking of negative metrics 2013-01-07 09:59:49 -08:00
ospf_snmp.c snmp: let handlers accept OID from a lesser prefix 2012-06-25 19:03:23 +02:00
ospf_snmp.h 2005-09-29 Alain Ritoux <alain.ritoux@6wind.com> 2005-09-29 16:34:30 +00:00
ospf_spf.c ospfd: restore nexthop IP for p2p interfaces 2013-04-09 22:38:04 +02:00
ospf_spf.h [ospfd] Fix SPF of virtual-links 2006-05-04 07:32:57 +00:00
ospf_te.c ospfd: Changed TE instance check to remove -Wtype-limits warning 2013-01-07 09:59:53 -08:00
ospf_te.h ospfd: Changed TE instance check to remove -Wtype-limits warning 2013-01-07 09:59:53 -08:00
ospf_vty.c ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
ospf_vty.h 2005-05-06 Paul Jakma <paul.jakma@sun.com> 2005-05-06 21:37:42 +00:00
ospf_zebra.c ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
ospf_zebra.h ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
OSPF-ALIGNMENT.txt add note about alignment in LS updates due to opaque LSAs. 2004-11-17 17:59:52 +00:00
OSPF-MIB.txt spelling: s/supress/suppress/ 2004-11-05 13:24:12 +00:00
OSPF-TRAP-MIB.txt Initial revision 2002-12-13 20:15:29 +00:00
ospfd.c ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00
ospfd.conf.sample Initial revision 2002-12-13 20:15:29 +00:00
ospfd.h ospfd: compile warning cleanups 2013-01-07 09:59:59 -08:00