Gitiles
Code Review Sign In
gerrit.opencord.org / quagga / af143a26ef96ba9be7b9c0b151b7605e1c2c74cd
commitaf143a26ef96ba9be7b9c0b151b7605e1c2c74cd[log] [tgz]
authorCROSS <info@codenomicon.com>Mon Sep 26 13:17:21 2011 +0400
committerDenis Ovsienko <infrastation@yandex.ru>Mon Sep 26 18:39:52 2011 +0400
tree52d988f2eb1ccaddec7a725ee30766593dfc1f6b
parenta1afbc6e1d56b06409de5e8d7d984d565817fd96 [diff]
ospfd: CVE-2011-3326 (uknown LSA type segfault)

This vulnerability (CERT-FI #514837) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.

Quagga ospfd does not seem to handle unknown LSA types in a Link State
Update message correctly. If LSA type is something else than one
supported
by Quagga, the default handling of unknown types leads to an error.

* ospf_flood.c
  * ospf_flood(): check return value of ospf_lsa_install()
1 file changed
tree: 52d988f2eb1ccaddec7a725ee30766593dfc1f6b
  1. .cvsignore
  2. .gitignore
  3. AUTHORS
  4. COPYING
  5. COPYING.LIB
  6. ChangeLog
  7. HACKING
  8. HACKING.pending
  9. INSTALL.quagga.txt
  10. Makefile.am
  11. NEWS
  12. README
  13. README.NetBSD
  14. REPORTING-BUGS
  15. SERVICES
  16. TODO
  17. bgpd/
  18. bootstrap.sh
  19. configure.ac
  20. doc/
  21. guile/
  22. init/
  23. isisd/
  24. lib/
  25. m4/
  26. ospf6d/
  27. ospfclient/
  28. ospfd/
  29. pkgsrc/
  30. ports/
  31. redhat/
  32. ripd/
  33. ripngd/
  34. solaris/
  35. stamp-h.in
  36. tests/
  37. tools/
  38. update-autotools
  39. vtysh/
  40. watchquagga/
  41. zebra/