| author | Acee Lindem <acee@lindem.com> | 2024-06-04 21:24:46 +0000 | 
|---|---|---|
| committer | Acee Lindem <acee@lindem.com> | 2024-06-04 21:24:46 +0000 | 
| commit | 3f359d732c0be97e580d752cbf8099932afe7dcb (patch) | |
| tree | d1e7bd529fd6b1af8f074f696e871a901f5706b8 /ospf6d | |
| parent | 17e1f7c2ff94da6d554a464a316ad037d6727749 (diff) | |
 ospf6d: OSPFv3 manual key authentication neglects checking the SA ID.
    Also, add topotest variation to verify checking.
    This corrects https://github.com/FRRouting/frr/issues/16100.
Signed-off-by: Acee Lindem <acee@lindem.com>
Diffstat (limited to 'ospf6d')
| -rw-r--r-- | ospf6d/ospf6_auth_trailer.c | 9 | 
1 files changed, 9 insertions, 0 deletions
diff --git a/ospf6d/ospf6_auth_trailer.c b/ospf6d/ospf6_auth_trailer.c
index 8d9eff409e..860d273796 100644
--- a/ospf6d/ospf6_auth_trailer.c
+++ b/ospf6d/ospf6_auth_trailer.c
@@ -517,6 +517,15 @@ int ospf6_auth_check_digest(struct ospf6_header *oh, struct ospf6_interface *oi,
 		}
 	} else if (CHECK_FLAG(oi->at_data.flags,
 			      OSPF6_AUTH_TRAILER_MANUAL_KEY)) {
+		if (oi->at_data.key_id != ntohs(ospf6_auth->id)) {
+			if (IS_OSPF6_DEBUG_AUTH_RX)
+				zlog_err("RECV[%s]: Auth SA ID mismatch for %s, received %u vs configured %u",
+					 oi->interface->name,
+					 ospf6_message_type(oh->type),
+					 ntohs(ospf6_auth->id),
+					 oi->at_data.key_id);
+			return OSPF6_AUTH_VALIDATE_FAILURE;
+		}
 		auth_str = oi->at_data.auth_key;
 		hash_algo = oi->at_data.hash_algo;
 	}
|
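Review bot: The SA ID mismatch in the new manual-key branch is reported only when `IS_OSPF6_DEBUG_AUTH_RX` is set, so with debugging off a packet carrying the wrong SA ID is rejected silently, even though the message is written at error level. An authentication rejection is something an operator should be able to see without enabling debug. Consider logging it unconditionally (rate-limited if the codebase offers a helper for that), or confirm that the caller counts the `OSPF6_AUTH_VALIDATE_FAILURE` drop, which is not visible in this hunk. A short comment above the check would also help, e.g. `/* Manual key: the trailer SA ID must equal the configured key ID before the digest is verified. */`. The body of ospf6_auth_check_digest starts and ends outside the hunk, so whether the early return skips any cleanup cannot be confirmed from here.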
