From 69fbf9a25190e0149dcc31e830e952c586fe2024 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Thu, 3 Dec 2009 18:25:14 +0100 Subject: Minor fix in LSA update. --- proto/ospf/lsack.c | 4 ++-- proto/ospf/lsupd.c | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/proto/ospf/lsack.c b/proto/ospf/lsack.c index 857f0c1..ba9a918 100644 --- a/proto/ospf/lsack.c +++ b/proto/ospf/lsack.c @@ -76,9 +76,9 @@ ospf_lsack_send(struct ospf_neighbor *n, int queue) { no = (struct lsah_n *) HEAD(n->ackl[queue]); memcpy(h + i, &no->lsa, sizeof(struct ospf_lsa_header)); - i++; - DBG("Iter %u ID: %R, RT: %R, Type: %u\n", i, ntohl((h + i)->id), + DBG("Iter %u ID: %R, RT: %R, Type: %04x\n", i, ntohl((h + i)->id), ntohl((h + i)->rt), (h + i)->type); + i++; rem_node(NODE no); mb_free(no); if ((i * sizeof(struct ospf_lsa_header) + diff --git a/proto/ospf/lsupd.c b/proto/ospf/lsupd.c index b1f6f46..75c6702 100644 --- a/proto/ospf/lsupd.c +++ b/proto/ospf/lsupd.c @@ -449,8 +449,9 @@ ospf_lsupd_receive(struct ospf_packet *ps_i, struct ospf_iface *ifa, struct ospf_lsa_header *lsa = (void *) (((u8 *) ps) + offset); unsigned int lsalen = ntohs(lsa->length); - - if (((offset + lsalen) > size) || ((lsalen % 4) != 0) || + offset += lsalen; + + if ((offset > size) || ((lsalen % 4) != 0) || (lsalen <= sizeof(struct ospf_lsa_header))) { log(L_WARN "Received LSA from %I with bad length", n->ip); -- cgit v1.2.3