[PATCH] Fix crash in ospf when authentication is enabled
Kenth Eriksson
kenth.eriksson at infinera.com
Wed Jan 8 14:48:37 CET 2020
The OSPF packet size becomes larger than the socket tx buffer leading
to memory corruptions (buffer overflow).
Make sure that tx_hdrlen is computed after the autype and password
lists are set.
Signed-off-by: Kenth Eriksson <kenth.eriksson at infinera.com>
---
proto/ospf/iface.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proto/ospf/iface.c b/proto/ospf/iface.c
index 7586deaf..9c5cf89e 100644
--- a/proto/ospf/iface.c
+++ b/proto/ospf/iface.c
@@ -587,13 +587,13 @@ ospf_iface_new(struct ospf_area *oa, struct ifa *addr, struct ospf_iface_patt *i
ifa->stub = ospf_iface_stubby(ip, addr);
ifa->ioprob = OSPF_I_OK;
ifa->tx_length = ifa_tx_length(ifa);
- ifa->tx_hdrlen = ifa_tx_hdrlen(ifa);
ifa->check_link = ip->check_link;
ifa->ecmp_weight = ip->ecmp_weight;
ifa->check_ttl = (ip->ttl_security == 1);
ifa->bfd = ip->bfd;
ifa->autype = ip->autype;
ifa->passwords = ip->passwords;
+ ifa->tx_hdrlen = ifa_tx_hdrlen(ifa);
ifa->instance_id = ip->instance_id;
ifa->ptp_netmask = !(addr->flags & IA_PEER);
--
2.21.0
More information about the Bird-users
mailing list