From: Thomas Ries <tries@gmx.net>
Date: Thu, 27 Oct 2011 13:43:38 +0000 (+0400)
Subject: ospfd: improve fix to CVE-2011-3326 (BZ#586)
X-Git-Tag: frr-2.0-rc1~1996
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=4de148e5d6f6f7885b2c0952a236a3bc3ec36250;p=mirror%2Ffrr.git

ospfd: improve fix to CVE-2011-3326 (BZ#586)

Make ospf_flood() propagate error returned by ospf_lsa_install() further
to properly discard the malformed LSA, not just prevent the immediate
crash.
---

diff --git a/ospfd/ospf_flood.c b/ospfd/ospf_flood.c
index 004ed1a77a..2ebae89ac3 100644
--- a/ospfd/ospf_flood.c
+++ b/ospfd/ospf_flood.c
@@ -320,7 +320,7 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr,
      MinLSArrival seconds have elapsed. */  
 
   if (! (new = ospf_lsa_install (ospf, nbr->oi, new)))
-    return 0; /* unknown LSA type */
+    return -1; /* unknown LSA type or any other error condition */
 
   /* Acknowledge the receipt of the LSA by sending a Link State
      Acknowledgment packet back out the receiving interface. */