diff options
| author | Ondrej Filip <feela@network.cz> | 2004-07-13 16:46:14 +0200 |
|---|---|---|
| committer | Ondrej Filip <feela@network.cz> | 2004-07-13 16:46:14 +0200 |
| commit | bc956fcab678f591137cba2a0ebe80c0812437db (patch) | |
| tree | fdd40cd36d69559e1a0997cfaa7e58ae208a3f00 /proto/ospf/packet.c | |
| parent | 32d3228d864cb6af8c679a7742f4b0a71c2facc0 (diff) | |
| download | bird-bc956fcab678f591137cba2a0ebe80c0812437db.tar bird-bc956fcab678f591137cba2a0ebe80c0812437db.zip | |
MD5 authentication in OSPF works. :-)
Diffstat (limited to 'proto/ospf/packet.c')
| -rw-r--r-- | proto/ospf/packet.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index 9d5a924..488a3a2 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -87,7 +87,6 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt) password_cpy(password, passwd->password, OSPF_AUTH_CRYPT_SIZE); MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE); MD5Final(tail, &ctxt); - break; default: bug("Unknown authentication type"); @@ -166,8 +165,8 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_ WALK_LIST(ptmp, *(ifa->passwords)) { - if (pkt->u.md5.keyid != pass->id) continue; - if ((pass->genfrom > now) || (pass->gento < now)) continue; + if (pkt->u.md5.keyid != ptmp->id) continue; + if ((ptmp->genfrom > now) || (ptmp->gento < now)) continue; pass = ptmp; break; } @@ -180,12 +179,11 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_ if(n) { - if(ntohs(pkt->u.md5.csn) <= n->csn) + if(ntohs(pkt->u.md5.csn) < n->csn) { OSPF_TRACE(D_PACKETS, "OSPF_auth: lower sequence number"); return 0; } - n->csn = ntohs(pkt->u.md5.csn); } @@ -194,7 +192,7 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_ password_cpy(password, pass->password, OSPF_AUTH_CRYPT_SIZE); MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE); MD5Final(md5sum, &ctxt); - if (!memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE)) + if (memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE)) { OSPF_TRACE(D_PACKETS, "OSPF_auth: wrong md5 digest"); return 0; @@ -257,7 +255,8 @@ ospf_rx_hook(sock * sk, int size) return 1; } - if ((ifa->autype != OSPF_AUTH_CRYPT) && (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet), + if ((ps->autype != htons(OSPF_AUTH_CRYPT)) && + (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet), ntohs(ps->length) - sizeof(struct ospf_packet), NULL))) { log(L_ERR "%s%I - bad checksum", mesg, sk->faddr); |