@@ -, +, @@ ospfd: CERT-FI #514837 (uknown LSA type segfault) This vulnerability was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. Quagga ospfd does not seem to handle unknown LSA types in a Link State Update message correctly. If LSA type is something else than one supported by Quagga, the default handling of unknown types leads to an error. * ospf_flood.c * ospf_flood(): check return value of ospf_lsa_install() --- a/ospfd/ospf_flood.c +++ a/ospfd/ospf_flood.c @@ -319,7 +319,8 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr, procedure cannot overwrite the newly installed LSA until MinLSArrival seconds have elapsed. */ - new = ospf_lsa_install (ospf, nbr->oi, new); + if (! (new = ospf_lsa_install (ospf, nbr->oi, new))) + return 0; /* unknown LSA type */ /* Acknowledge the receipt of the LSA by sending a Link State Acknowledgment packet back out the receiving interface. */