ospfd: improve fix to CVE-2011-3326 (BZ#586) Make ospf_flood() propagate error returned by ospf_lsa_install() further to properly discard the malformed LSA, not just prevent the immediate crash.

commit: 4de148e5d6f6f7885b2c0952a236a3bc3ec36250 [log] [tgz]
author: Thomas Ries <tries@gmx.net> Thu Oct 27 17:43:38 2011 +0400
committer: Denis Ovsienko <infrastation@yandex.ru> Tue Nov 15 20:50:48 2011 +0400
tree: 5360772467235934673f5b7e3c039424bcc61329
parent: 1758dbaa3b69bd6e95fb501c40f044f751557e76 [diff] [blame]
diff --git a/ospfd/ospf_flood.c b/ospfd/ospf_flood.c
index 004ed1a..2ebae89 100644
--- a/ospfd/ospf_flood.c
+++ b/ospfd/ospf_flood.c

@@ -320,7 +320,7 @@
      MinLSArrival seconds have elapsed. */  
 
   if (! (new = ospf_lsa_install (ospf, nbr->oi, new)))
-    return 0; /* unknown LSA type */
+    return -1; /* unknown LSA type or any other error condition */
 
   /* Acknowledge the receipt of the LSA by sending a Link State
      Acknowledgment packet back out the receiving interface. */
commit	4de148e5d6f6f7885b2c0952a236a3bc3ec36250	[log] [tgz]
author	Thomas Ries <tries@gmx.net>	Thu Oct 27 17:43:38 2011 +0400
committer	Denis Ovsienko <infrastation@yandex.ru>	Tue Nov 15 20:50:48 2011 +0400
tree	5360772467235934673f5b7e3c039424bcc61329
parent	1758dbaa3b69bd6e95fb501c40f044f751557e76 [diff] [blame]