git.puffer.fish Git - mirror/frr.git/commit

]> git.puffer.fish Git - mirror/frr.git/commit

author	CROSS <info@codenomicon.com>
	Mon, 26 Sep 2011 09:17:21 +0000 (13:17 +0400)
committer	Denis Ovsienko <infrastation@yandex.ru>
	Mon, 26 Sep 2011 14:39:52 +0000 (18:39 +0400)
commit	af143a26ef96ba9be7b9c0b151b7605e1c2c74cd
tree	52d988f2eb1ccaddec7a725ee30766593dfc1f6b	tree \| snapshot
parent	a1afbc6e1d56b06409de5e8d7d984d565817fd96	commit \| diff

ospfd: CVE-2011-3326 (uknown LSA type segfault)

This vulnerability (CERT-FI #514837) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.

Quagga ospfd does not seem to handle unknown LSA types in a Link State
Update message correctly. If LSA type is something else than one
supported
by Quagga, the default handling of unknown types leads to an error.

* ospf_flood.c
* ospf_flood(): check return value of ospf_lsa_install()

ospfd/ospf_flood.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom