From: Thomas Ries <tries@gmx.net>
Date: Thu, 27 Oct 2011 13:43:38 +0000 (+0400)
Subject: ospfd: improve fix to CVE-2011-3326 (BZ#586)
X-Git-Tag: frr-2.0-rc1~1918^2~67
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=70e3ca2ccedca2cae58bd91c968714cad0f9d5d6;p=mirror%2Ffrr.git

ospfd: improve fix to CVE-2011-3326 (BZ#586)

Make ospf_flood() propagate error returned by ospf_lsa_install() further
to properly discard the malformed LSA, not just prevent the immediate
crash.
---

diff --git a/ospfd/ospf_flood.c b/ospfd/ospf_flood.c
index fc0bbf1268..f72087b5d2 100644
--- a/ospfd/ospf_flood.c
+++ b/ospfd/ospf_flood.c
@@ -320,7 +320,7 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr,
      MinLSArrival seconds have elapsed. */  
 
   if (! (new = ospf_lsa_install (ospf, nbr->oi, new)))
-    return 0; /* unknown LSA type */
+    return -1; /* unknown LSA type or any other error condition */
 
   /* Acknowledge the receipt of the LSA by sending a Link State
      Acknowledgment packet back out the receiving interface. */