ospfd: review ospf_check_auth()

1. The only purpose of "ibuf" argument was to get stream size, which
was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized
in ospf_new().

2. Fix the packet size check condition, which was incorrect for very
large packets, at least in theory.

diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index d52430a3e8c433309d62c14544dd7567ef615ef3..b18117b5af47674b9ece2b0160af4dd92fab8765 100644 (file)
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -2260,8 +2260,7 @@ ospf_check_network_mask (struct ospf_interface *oi, struct in_addr ip_src)
 }
 
 static int
-ospf_check_auth (struct ospf_interface *oi, struct stream *ibuf,
-                struct ospf_header *ospfh)
+ospf_check_auth (struct ospf_interface *oi, struct ospf_header *ospfh)
 {
   int ret = 0;
   struct crypt_key *ck;
@@ -2287,7 +2286,7 @@ ospf_check_auth (struct ospf_interface *oi, struct stream *ibuf,
       /* This is very basic, the digest processing is elsewhere */
       if (ospfh->u.crypt.auth_data_len == OSPF_AUTH_MD5_SIZE && 
           ospfh->u.crypt.key_id == ck->key_id &&
-          ntohs (ospfh->length) + OSPF_AUTH_SIMPLE_SIZE <= stream_get_size (ibuf))
+          ntohs (ospfh->length) + OSPF_AUTH_MD5_SIZE <= OSPF_MAX_PACKET_SIZE)
         ret = 1;
       else
         ret = 0;
@@ -2411,7 +2410,7 @@ ospf_verify_header (struct stream *ibuf, struct ospf_interface *oi,
       return -1;
     }
 
-  if (! ospf_check_auth (oi, ibuf, ospfh))
+  if (! ospf_check_auth (oi, ospfh))
     {
       zlog_warn ("interface %s: ospf_read authentication failed.",
                 IF_NAME (oi));