isisd: drop hellos without supported protocol list
isisd should not form adjacencies on receiving an IS-IS Hello without a
list of supported protocols (cf. RFC 1195 s4.4 p32 "Maintaining Router
Adjacencies") Also fixes memleaks in these error cases.
* isisd/isis_pdu.c: improve TLVFLAG_NLPID handling
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Tested-by: Martin Winter <mwinter@opensourcerouting.org>
diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c
index 083ddc7..8a92789 100644
--- a/isisd/isis_pdu.c
+++ b/isisd/isis_pdu.c
@@ -493,6 +493,13 @@
return ISIS_WARNING;
}
+ if (!(found & TLVFLAG_NLPID))
+ {
+ zlog_warn ("No supported protocols TLV in P2P IS to IS hello");
+ free_tlvs (&tlvs);
+ return ISIS_WARNING;
+ }
+
/* 8.2.5.1 c) Authentication */
if (circuit->passwd.type)
{
@@ -550,9 +557,11 @@
tlvs_to_adj_area_addrs (&tlvs, adj);
/* which protocol are spoken ??? */
- if (found & TLVFLAG_NLPID)
- if (tlvs_to_adj_nlpids (&tlvs, adj))
- return ISIS_ERROR;
+ if (tlvs_to_adj_nlpids (&tlvs, adj))
+ {
+ free_tlvs (&tlvs);
+ return ISIS_WARNING;
+ }
/* we need to copy addresses to the adj */
if (found & TLVFLAG_IPV4_ADDR)
@@ -973,6 +982,14 @@
goto out;
}
+ if (!(found & TLVFLAG_NLPID))
+ {
+ zlog_warn ("No supported protocols TLV in Level %d LAN IS to IS hello",
+ level);
+ retval = ISIS_WARNING;
+ goto out;
+ }
+
/* Verify authentication, either cleartext of HMAC MD5 */
if (circuit->passwd.type)
{
@@ -1103,8 +1120,11 @@
tlvs_to_adj_area_addrs (&tlvs, adj);
/* which protocol are spoken ??? */
- if (found & TLVFLAG_NLPID)
- tlvs_to_adj_nlpids (&tlvs, adj);
+ if (tlvs_to_adj_nlpids (&tlvs, adj))
+ {
+ retval = ISIS_WARNING;
+ goto out;
+ }
/* we need to copy addresses to the adj */
if (found & TLVFLAG_IPV4_ADDR)