ospfd: Solved crash in RI parsing with OSPF TE - matthieu/frr.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Olivier Dugeon <olivier.dugeon@orange.com>	2024-04-03 16:28:23 +0200
committer	Donatas Abraitis <donatas@opensourcerouting.org>	2024-05-28 17:40:18 +0300
commit	c7ef95210c4715cbe3e2ecae875c1bc423069d16 (patch)
tree	cdfd853761efab1c6964a21abff4fe90e50ad36d /lib/command_py.c
parent	f1ffec340fa23540f438576db69d46000310a3f8 (diff)

ospfd: Solved crash in RI parsing with OSPF TE

Iggy Frankovic discovered another ospfd crash when performing fuzzing of OSPF LSA packets. The crash occurs in ospf_te_parse_ri() function when attemping to read Segment Routing subTLVs. The original code doesn't check if the size of the SR subTLVs have the correct length. In presence of erronous LSA, this will cause a buffer overflow and ospfd crash. This patch introduces new verification of the subTLVs size for Router Information TLV. Co-authored-by: Iggy Frankovic <iggyfran@amazon.com> Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>

Diffstat (limited to 'lib/command_py.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: