ospfd: address CVE-2017-3224 - matthieu/frr.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Chirag Shah <chirag@cumulusnetworks.com>	2019-01-25 17:21:24 -0800
committer	Chirag Shah <chirag@cumulusnetworks.com>	2019-02-03 14:42:37 -0800
commit	76c1efd7550668a46f499bfc7cc71d00c4ac2d54 (patch)
tree	3a528ea11837b715da94069a7bb8e38ce602dee1 /lib/log.h
parent	41e8603bfab2db06ac0f29bd57e95508bfae6798 (diff)

ospfd: address CVE-2017-3224

Based on the vulnerability mentioned in 793496 an attacker can craft an LSA with MaxSequence number wtih invalid links and not set age to MAX_AGE so the lsa would not be flush from the database. To address the issue, check incoming LSA is MaxSeq but Age is not set to MAX_AGE 3600, discard the LSA from processing it. Based on RFC-2328 , When a LSA update sequence reaches MaxSequence number, it should be prematurely aged out from the database with age set to MAX_AGE (3600). Ticket:CM-18989 Reviewed By: Testing Done: Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>

Diffstat (limited to 'lib/log.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: