-rw-r--r--lib/log.c8
-rw-r--r--lib/log.h6
-rw-r--r--ospfd/ospf_packet.c22
3 files changed, 31 insertions, 5 deletions
diff --git a/lib/log.c b/lib/log.c
index 12a1d7fbe0..f936957611 100644
--- a/lib/log.c
+++ b/lib/log.c
@@ -29,6 +29,7 @@
#include "memory.h"
#include "command.h"
#include "lib_errors.h"
+#include "lib/hook.h"
#ifndef SUNOS_5
#include <sys/un.h>
@@ -46,6 +47,10 @@
DEFINE_MTYPE_STATIC(LIB, ZLOG, "Logging")
+/* hook for external logging */
+DEFINE_HOOK(zebra_ext_log, (int priority, const char *format, va_list args),
+ (priority, format, args));
+
static int logfile_fd = -1; /* Used in signal handler. */
struct zlog *zlog_default = NULL;
@@ -213,6 +218,9 @@ void vzlog(int priority, const char *format, va_list args)
tsctl.already_rendered = 0;
struct zlog *zl = zlog_default;
+ /* call external hook */
+ hook_call(zebra_ext_log, priority, format, args);
+
/* When zlog_default is also NULL, use stderr for logging. */
if (zl == NULL) {
tsctl.precision = 0;
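Review bot: The `args` passed to `hook_call(zebra_ext_log, priority, format, args)` is the same `va_list` that vzlog presumably renders from afterwards (the rest of the function is outside the hunk). Once any subscriber consumes it with `va_arg` or a `v*printf` call, its value is indeterminate, so later use in vzlog or in a second subscriber is undefined behaviour. Give the hook its own copy by wrapping the call in `va_copy(hook_args, args);` and `va_end(hook_args);` with a local `va_list hook_args;`. Each subscriber should also be required to `va_copy` before it formats, because the hook may have more than one subscriber.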
diff --git a/lib/log.h b/lib/log.h
index be1d9fb592..8fb98a02ab 100644
--- a/lib/log.h
+++ b/lib/log.h
@@ -26,6 +26,12 @@
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
+#include <stdarg.h>
+#include "lib/hook.h"
+
+/* Hook for external logging function */
+DECLARE_HOOK(zebra_ext_log, (int priority, const char *format, va_list args),
+ (priority, format, args));
/* Here is some guidance on logging levels to use:
*
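Review bot: The comment above `DECLARE_HOOK(zebra_ext_log, ...)` does not state the contract a subscriber has to follow, and this header is where an external logging module will look for it. I would expand it along the lines of `/* Hook for external logging: called from vzlog() with the unrendered printf-style format and its args. Subscribers must va_copy(args) before use and must not log through zlog. */`. Because the call in lib/log.c sits ahead of the `zl == NULL` branch, subscribers appear to run regardless of the configured log level. If that is the intent, the comment should say so, so that a sink forwarding to a remote collector knows to do its own priority filtering.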
diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index 30f5a2a80e..ecc55c2ee5 100644
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -2098,10 +2098,22 @@ static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
if (current == NULL
|| (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
+ /* CVE-2017-3224 */
+ if (current && (lsa->data->ls_seqnum ==
+ htonl(OSPF_MAX_SEQUENCE_NUMBER)
+ && !IS_LSA_MAXAGE(lsa))) {
+ zlog_debug(
+ "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it",
+ dump_lsa_key(lsa));
+
+ DISCARD_LSA(lsa, 4);
+ continue;
+ }
+
/* Actual flooding procedure. */
if (ospf_flood(oi->ospf, nbr, current, lsa)
< 0) /* Trap NSSA later. */
- DISCARD_LSA(lsa, 4);
+ DISCARD_LSA(lsa, 5);
continue;
}
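Review bot: The new guard fires only when `current` is non-NULL, so an LSA carrying `OSPF_MAX_SEQUENCE_NUMBER` without MaxAge still reaches `ospf_flood()` when there is no database copy. If that is intended, the bare `/* CVE-2017-3224 */` comment should say so, e.g. `/* CVE-2017-3224: we hold a copy and the received LSA is at MaxSeq but not MaxAge; drop it rather than install it */`. The drop is also reported only through `zlog_debug`, so at default log levels it likely leaves no trace. A warning-level message or a per-interface counter would make the event visible to operators, and it should be rate-limited because the trigger is a received packet. ospf_ls_upd starts and ends outside the hunk.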
@@ -2158,7 +2170,7 @@ static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
oi->ls_ack,
ospf_lsa_lock(lsa));
- DISCARD_LSA(lsa, 5);
+ DISCARD_LSA(lsa, 6);
} else
/* Acknowledge the receipt of the LSA by sending a
Link State Acknowledgment packet back out the
@@ -2166,7 +2178,7 @@ static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
interface. */
{
ospf_ls_ack_send(nbr, lsa);
- DISCARD_LSA(lsa, 6);
+ DISCARD_LSA(lsa, 7);
}
}
@@ -2183,7 +2195,7 @@ static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
if (IS_LSA_MAXAGE(current)
&& current->data->ls_seqnum
== htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
- DISCARD_LSA(lsa, 7);
+ DISCARD_LSA(lsa, 8);
}
/* Otherwise, as long as the database copy has not been
sent in a
@@ -2206,7 +2218,7 @@ static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
ospf_ls_upd_send_lsa(
nbr, current,
OSPF_SEND_PACKET_DIRECT);
- DISCARD_LSA(lsa, 8);
+ DISCARD_LSA(lsa, 9);
}
}
}