Diffstat (limited to 'ospfd')
| -rw-r--r-- | ospfd/ospf_auth.c | 33 | ||||
| -rw-r--r-- | ospfd/ospf_zebra.c | 24 |
2 files changed, 22 insertions, 35 deletions
diff --git a/ospfd/ospf_auth.c b/ospfd/ospf_auth.c
index 2d13d4e9ad..11ee1ddb18 100644
--- a/ospfd/ospf_auth.c
+++ b/ospfd/ospf_auth.c
@@ -89,7 +89,7 @@ static int ospf_auth_check_hmac_sha_digest(struct ospf_interface *oi,
 uint16_t length = ntohs(ospfh->length);
 uint16_t hash_length = keychain_get_hash_len(key->hash_algo);
 #ifdef CRYPTO_OPENSSL
- unsigned int openssl_hash_length = hash_length;
+ uint32_t openssl_hash_length = hash_length;
 HMAC_CTX *ctx;
 const EVP_MD *md_alg = ospf_auth_get_openssl_evp_md_from_key(key);
@@ -159,6 +159,13 @@ static int ospf_auth_check_md5_digest(struct ospf_interface *oi,
 struct crypt_key *ck = NULL;
 uint16_t length = ntohs(ospfh->length);
+ if (length < sizeof(struct ospf_header)) {/* for coverity's sake */
+ flog_warn(EC_OSPF_AUTH,
+ "%s: Invalid packet length of %u received on interface %s, Router-ID: %pI4",
+ __func__, length, IF_NAME(oi), &ospfh->router_id);
+ return 0;
+ }
+
 if (key == NULL) {
 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt), ospfh->u.crypt.key_id);
@@ -189,7 +196,7 @@ static int ospf_auth_check_md5_digest(struct ospf_interface *oi,
 strlcpy(auth_key, (char *)ck->auth_key, OSPF_AUTH_MD5_SIZE + 1);
 /* Generate a digest for the ospf packet - their digest + our digest. */
 #ifdef CRYPTO_OPENSSL
- unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
+ uint32_t md5_size = OSPF_AUTH_MD5_SIZE;
 ctx = EVP_MD_CTX_new();
 EVP_DigestInit(ctx, EVP_md5());
@@ -222,10 +229,10 @@ static int ospf_auth_check_md5_digest(struct ospf_interface *oi,
 static int ospf_auth_make_md5_digest(struct ospf_interface *oi,
 struct ospf_packet *op, struct key *key)
 {
- void *ibuf;
- struct ospf_header *ospfh;
+ void *ibuf = STREAM_DATA(op->s);
+ struct ospf_header *ospfh = (struct ospf_header *)ibuf;
 unsigned char digest[OSPF_AUTH_MD5_SIZE];
- uint16_t length;
+ uint16_t length = ntohs(ospfh->length);
 #ifdef CRYPTO_OPENSSL
 EVP_MD_CTX *ctx;
 #elif CRYPTO_INTERNAL
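Review bot: `uint32_t openssl_hash_length` in the hunk at -89 is only interchangeable with the `unsigned int` it replaces on platforms where the two are the same type. If the variable's address is handed to OpenSSL's finalisation call as the output length (that call is outside this hunk), the API is declared with `unsigned int *`, so the original declaration matched the prototype exactly. Either keep `unsigned int` for these OpenSSL-facing locals or add a comment such as `/* OpenSSL takes unsigned int *; uint32_t is the same type on supported targets */`. The same substitution is made for `md5_size` and `openssl_hash_length` in the hunks at -189, -233, -282 and -491.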
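Review bot: The new guard in ospf_auth_check_md5_digest (hunk at -159) rejects only a length below the header size; nothing in this hunk caps `length` from above, although it is read straight from the received header. The matching guard added to ospf_auth_make_md5_digest (hunk at -233) also tests `length > op->length`, so the receive side, where the value is chosen by the peer, ends up with the weaker check. If an earlier caller already bounds the header length against the bytes actually received, say so in place of `/* for coverity's sake */`, e.g. `/* upper bound enforced by <caller>; reject short lengths before digesting */`; otherwise add the upper-bound comparison against the input buffer's size here. The function body starts and ends outside the hunk.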
@@ -233,14 +240,18 @@ static int ospf_auth_make_md5_digest(struct ospf_interface *oi,
 #endif
 char auth_key[OSPF_AUTH_MD5_SIZE + 1];
+ if ((length < (sizeof(struct ospf_header))) || (length > op->length)) { /* for coverity's sake */
+ flog_warn(EC_OSPF_AUTH,
+ "%s: Invalid packet length of %u received on interface %s, Router-ID: %pI4",
+ __func__, length, IF_NAME(oi), &ospfh->router_id);
+ return 0;
+ }
+
 memset(auth_key, 0, OSPF_AUTH_MD5_SIZE + 1);
 strlcpy(auth_key, key->string, OSPF_AUTH_MD5_SIZE + 1);
- ibuf = STREAM_DATA(op->s);
- ospfh = (struct ospf_header *)ibuf;
- length = ntohs(ospfh->length);
 /* Generate a digest for the ospf packet - their digest + our digest. */
 #ifdef CRYPTO_OPENSSL
- unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
+ uint32_t md5_size = OSPF_AUTH_MD5_SIZE;
 ctx = EVP_MD_CTX_new();
 EVP_DigestInit(ctx, EVP_md5());
@@ -282,7 +293,7 @@ static int ospf_auth_make_hmac_sha_digest(struct ospf_interface *oi,
 ibuf = STREAM_DATA(op->s);
 ospfh = (struct ospf_header *)ibuf;
 #ifdef CRYPTO_OPENSSL
- unsigned int openssl_hash_length = hash_length;
+ uint32_t openssl_hash_length = hash_length;
 HMAC_CTX *ctx;
 const EVP_MD *md_alg = ospf_auth_get_openssl_evp_md_from_key(key);
@@ -491,7 +502,7 @@ int ospf_auth_make(struct ospf_interface *oi, struct ospf_packet *op)
 if (auth_key) {
 /* Generate a digest for the entire packet + our secret key. */
 #ifdef CRYPTO_OPENSSL
- unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
+ uint32_t md5_size = OSPF_AUTH_MD5_SIZE;
 ctx = EVP_MD_CTX_new();
 EVP_DigestInit(ctx, EVP_md5());
diff --git a/ospfd/ospf_zebra.c b/ospfd/ospf_zebra.c
index abc580b13e..1af703d88d 100644
--- a/ospfd/ospf_zebra.c
+++ b/ospfd/ospf_zebra.c
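Review bot: The warning added to ospf_auth_make_md5_digest (ospf_auth.c, hunk at -233) says the bad length was "received on interface", but this function builds the digest for a packet taken from `op`, so the text looks copied from the check path and will mislead whoever triages the log. Something like `"%s: Invalid packet length of %u for outgoing packet on interface %s, Router-ID: %pI4"` fits the visible code better. Also confirm what the caller does with the new `return 0;`: if zero is treated as "no digest bytes appended" and the packet is still queued, this path would emit a packet without valid authentication data. That handling is outside the hunk.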
@@ -162,29 +162,6 @@ static int ospf_interface_link_params(ZAPI_CALLBACK_ARGS)
 return 0;
 }
-/* VRF update for an interface. */
-static int ospf_interface_vrf_update(ZAPI_CALLBACK_ARGS)
-{
- struct interface *ifp = NULL;
- vrf_id_t new_vrf_id;
-
- ifp = zebra_interface_vrf_update_read(zclient->ibuf, vrf_id,
- &new_vrf_id);
- if (!ifp)
- return 0;
-
- if (IS_DEBUG_OSPF_EVENT)
- zlog_debug(
- "%s: Rx Interface %s VRF change vrf_id %u New vrf %s id %u",
- __func__, ifp->name, vrf_id,
- ospf_vrf_id_to_name(new_vrf_id), new_vrf_id);
-
- /*if_update(ifp, ifp->name, strlen(ifp->name), new_vrf_id);*/
- if_update_to_new_vrf(ifp, new_vrf_id);
-
- return 0;
-}
-
 /* Nexthop, ifindex, distance and metric information. */
 static void ospf_zebra_add_nexthop(struct ospf *ospf, struct ospf_path *path, struct zapi_route *api)
@@ -2203,7 +2180,6 @@ static zclient_handler *const ospf_handlers[] = {
 [ZEBRA_INTERFACE_ADDRESS_ADD] = ospf_interface_address_add,
 [ZEBRA_INTERFACE_ADDRESS_DELETE] = ospf_interface_address_delete,
 [ZEBRA_INTERFACE_LINK_PARAMS] = ospf_interface_link_params,
- [ZEBRA_INTERFACE_VRF_UPDATE] = ospf_interface_vrf_update,
 [ZEBRA_REDISTRIBUTE_ROUTE_ADD] = ospf_zebra_read_route,
 [ZEBRA_REDISTRIBUTE_ROUTE_DEL] = ospf_zebra_read_route, |
