git.puffer.fish Git - matthieu/frr.git/commit

]> git.puffer.fish Git - matthieu/frr.git/commit

author	CROSS <info@codenomicon.com>
	Mon, 26 Sep 2011 09:17:21 +0000 (13:17 +0400)
committer	Denis Ovsienko <infrastation@yandex.ru>
	Mon, 26 Sep 2011 14:46:28 +0000 (18:46 +0400)
commit	6b161fc12a15aba8824c84d1eb38e529aaf70769
tree	abd6c391a491495c70203420e5d91dbcdf282383	tree \| snapshot
parent	94431dbc753171b48b5c6806af97fd690813b00a	commit \| diff

ospfd: CVE-2011-3326 (uknown LSA type segfault)

This vulnerability (CERT-FI #514837) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.

Quagga ospfd does not seem to handle unknown LSA types in a Link State
Update message correctly. If LSA type is something else than one
supported
by Quagga, the default handling of unknown types leads to an error.

* ospf_flood.c
* ospf_flood(): check return value of ospf_lsa_install()

ospfd/ospf_flood.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom