@@ -, +, @@
ospfd: CERT-FI #514837 (uknown LSA type segfault)
This vulnerability was reported by CROSS project. They have also
suggested a fix to the problem, which was found acceptable.
Quagga ospfd does not seem to handle unknown LSA types in a Link State
Update message correctly. If LSA type is something else than one
supported by Quagga, the default handling of unknown types leads to an
error.
* ospf_flood.c
* ospf_flood(): check return value of ospf_lsa_install()
--- a/ospfd/ospf_flood.c
+++ a/ospfd/ospf_flood.c
@@ -319,7 +319,8 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr,
procedure cannot overwrite the newly installed LSA until
MinLSArrival seconds have elapsed. */
- new = ospf_lsa_install (ospf, nbr->oi, new);
+ if (! (new = ospf_lsa_install (ospf, nbr->oi, new)))
+ return 0; /* unknown LSA type */
/* Acknowledge the receipt of the LSA by sending a Link State
Acknowledgment packet back out the receiving interface. */
distrib
>
Mageia
>
1
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
8b7eb0953e52bd5d7a877b4559114c52
>
files
>
13
