On Mon, Mar 22, 2010 at 10:31:32AM +0200, Vitaliy Kolodinsky wrote:
Dear Ondrej Zajicek.
You wrote on 20 March 2010, 3:30:42:
diff -uprN bird-1.2.1/proto/ospf/packet.c bird-1.2.1-/proto/ospf/packet.c --- bird-1.2.1/proto/ospf/packet.c 2010-01-14 11:06:27.000000000 +0100 +++ bird-1.2.1-/proto/ospf/packet.c 2010-03-19 19:24:47.000000000 +0100 @@ -179,7 +179,7 @@ ospf_pkt_checkauth(struct ospf_neighbor return 0; }
- if (ntohs(pkt->length) + OSPF_AUTH_CRYPT_SIZE != size) + if (ntohs(pkt->length) + OSPF_AUTH_CRYPT_SIZE < size) { OSPF_TRACE(D_PACKETS, "OSPF_auth: size mismatch (%d vs %d)", ntohs(pkt->length) + OSPF_AUTH_CRYPT_SIZE, size);
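Review bot: the comparison in the replaced if is inverted. With "ntohs(pkt->length) + OSPF_AUTH_CRYPT_SIZE < size" the size-mismatch branch is taken when the received size is larger than the declared length plus OSPF_AUTH_CRYPT_SIZE, which is the trailing-data case that relaxing "!=" was meant to admit, while a packet whose declared length plus OSPF_AUTH_CRYPT_SIZE is larger than size passes the check. Suggest ">" instead, so the branch fires only when the received data is too short for the declared length and the authentication data, and reword the "size mismatch" trace to say the packet is too short.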
The patch does not work. If the IP packet contains the LLS block, the size
I am sorry for a mistake, there should be the opposite inequality. The content of the LLS block might be ignored, but we must ensure that we access valid data. The fixed patch is attached.

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
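The bound described in the reply above, as an added example (it is not BIRD's code and not the attached patch): reject only when the declared length plus the digest does not fit in the received data, and report any bytes after the digest as ignorable trailing data. The names check_crypt_len, try_packet and enum len_check are hypothetical; the 24-byte header and 16-byte digest are assumptions taken from RFC 2328.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OSPF_HDR_LEN 24          /* OSPFv2 common header, RFC 2328 A.3.1 */
#define OSPF_AUTH_CRYPT_SIZE 16  /* assumed: MD5 digest length, RFC 2328 D.3 */

enum len_check { LEN_OK, LEN_OK_TRAILING, LEN_TRUNCATED, LEN_BAD_HEADER };

/* Hypothetical helper, not BIRD code. buf/size describe the received OSPF
 * data. On success *digest points at the appended digest and *extra is the
 * number of bytes after it (for example an LLS block). */
static enum len_check
check_crypt_len(const uint8_t *buf, size_t size, const uint8_t **digest, size_t *extra)
{
  if (size < OSPF_HDR_LEN)
    return LEN_BAD_HEADER;
  /* Packet length field: header bytes 2-3, network byte order. */
  size_t plen = ((size_t) buf[2] << 8) | buf[3];
  if (plen < OSPF_HDR_LEN)
    return LEN_BAD_HEADER;
  /* Reject only when declared body plus digest does not fit in the buffer. */
  if (plen + OSPF_AUTH_CRYPT_SIZE > size)
    return LEN_TRUNCATED;
  *digest = buf + plen;
  *extra = size - plen - OSPF_AUTH_CRYPT_SIZE;
  return *extra ? LEN_OK_TRAILING : LEN_OK;
}

/* Constructed sample: zero-filled packet with the given declared length. */
static enum len_check
try_packet(uint16_t declared, size_t received, size_t *extra)
{
  uint8_t buf[128] = { 2, 1 };   /* version 2, type 1 (Hello) */
  const uint8_t *digest = NULL;
  buf[2] = (uint8_t) (declared >> 8);
  buf[3] = (uint8_t) (declared & 0xff);
  *extra = 0;
  return check_crypt_len(buf, received, &digest, extra);
}

int main(void)
{
  size_t extra;
  enum len_check r = try_packet(44, 72, &extra);  /* 12 trailing bytes */
  printf("result=%d extra=%zu\n", (int) r, extra);
  return 0;
}
```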