ospfd: Correct Opaque LSA Extended parser - matthieu/frr.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Olivier Dugeon <olivier.dugeon@orange.com>	2024-04-05 12:57:11 +0200
committer	Donatas Abraitis <donatas@opensourcerouting.org>	2024-05-28 17:40:14 +0300
commit	f1ffec340fa23540f438576db69d46000310a3f8 (patch)
tree	7852a19e967fd02990403f3f32a6b921354450a3 /lib/command_py.c
parent	1a35a2c0667b34f8472eacabde8182abb67ddee4 (diff)

ospfd: Correct Opaque LSA Extended parser

Iggy Frankovic discovered another ospfd crash when performing fuzzing of OSPF LSA packets. The crash occurs in ospf_te_parse_ext_link() function when attemping to read Segment Routing Adjacency SID subTLVs. The original code doesn't check if the size of the Extended Link TLVs and subTLVs have the correct length. In presence of erronous LSA, this will cause a buffer overflow and ospfd crashes. This patch introduces new verification of the subTLVs size for Extended Link TLVs and subTLVs. Similar check has been also introduced for the Extended Prefix TLV. Co-authored-by: Iggy Frankovic <iggyfran@amazon.com> Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>

Diffstat (limited to 'lib/command_py.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: