Missing checking the lsa_length in ospf
Mingwei Zheng
zmw12306 at gmail.com
Mon Apr 24 21:51:22 CEST 2023
Hi,
I am doing testing work on network protocols and here is one possible issue I noticed in OSPF.
I noticed that you have checked the length of lsa in your function ospf_dump_lsupd in lsupd.c <https://gitlab.nic.cz/labs/bird/-/blob/master/proto/ospf/lsupd.c>:
if (((lsa_len % 4) != 0) || (lsa_len <= sizeof(struct ospf_lsa_header)))
goto invalid;
However in the other packet types, like LSACK and LSREQ, I didn’t see similar checking. I am worrying about whether this would be an issue.
I would really appreciate it if anyone can have a look at it. Thank you!
Best
Mingwei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20230424/cbdf9c72/attachment.htm>
More information about the Bird-users
mailing list