diff options
| author | Ondrej Zajicek <santiago@crfreenet.org> | 2009-10-29 23:57:42 +0100 |
|---|---|---|
| committer | Ondrej Zajicek <santiago@crfreenet.org> | 2009-10-29 23:57:42 +0100 |
| commit | a6bc04d59130c49a1dbfadffa4285b11e2ff4939 (patch) | |
| tree | b5f453dc5fbe20204883149e1bc153905f356709 /proto/ospf/packet.c | |
| parent | 9d4d38d1a5d67f5485d2b2fa439c879583dfdcb0 (diff) | |
| download | bird-a6bc04d59130c49a1dbfadffa4285b11e2ff4939.tar bird-a6bc04d59130c49a1dbfadffa4285b11e2ff4939.zip | |
Implements better checks on incoming packets and LSAs in OSPF.
Diffstat (limited to 'proto/ospf/packet.c')
| -rw-r--r-- | proto/ospf/packet.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index 0bb1f51..9422a9f 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -286,6 +286,7 @@ ospf_rx_hook(sock * sk, int size) return 1; } + /* This is strange! */ if ((ifa->oa->areaid != 0) && (ntohl(ps->areaid) == 0)) { WALK_LIST(iff, po->iface_list) @@ -300,17 +301,16 @@ ospf_rx_hook(sock * sk, int size) DBG("%s: RX_Hook called on interface %s.\n", p->name, sk->iface->name); - osize = ntohs(ps->length); - if ((unsigned) size < sizeof(struct ospf_packet)) { log(L_ERR "%s%I - too short (%u bytes)", mesg, sk->faddr, size); return 1; } - if ((osize > size) || (osize != (4 * (osize / 4)))) + osize = ntohs(ps->length); + if ((osize > size) || ((osize % 4) != 0)) { - log(L_ERR "%s%I - size field does not match (%d/%d)", mesg, sk->faddr, ntohs(ps->length), size ); + log(L_ERR "%s%I - size field does not match (%d/%d)", mesg, sk->faddr, osize, size); return 1; } @@ -324,7 +324,7 @@ ospf_rx_hook(sock * sk, int size) #ifdef OSPFv2 if ((ps->autype != htons(OSPF_AUTH_CRYPT)) && (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet), - ntohs(ps->length) - sizeof(struct ospf_packet), NULL))) + osize - sizeof(struct ospf_packet), NULL))) { log(L_ERR "%s%I - bad checksum", mesg, sk->faddr); return 1; @@ -358,17 +358,17 @@ ospf_rx_hook(sock * sk, int size) return 1; } - if (((unsigned) size > sk->rbsize) || (ntohs(ps->length) > sk->rbsize)) + if ((unsigned) size > sk->rbsize) { - log(L_ERR "%s%I - packet is too large (%d-%d vs %d)", - mesg, sk->faddr, size, ntohs(ps->length), sk->rbsize); + log(L_ERR "%s%I - packet is too large (%d vs %d)", + mesg, sk->faddr, size, sk->rbsize); return 1; } /* This is deviation from RFC 2328 - neighbours should be identified by * IP address on broadcast and NBMA networks. */ - n = find_neigh(ifa, ntohl(((struct ospf_packet *) ps)->routerid)); + n = find_neigh(ifa, ntohl(ps->routerid)); if(!n && (ps->type != HELLO_P)) { |