summaryrefslogtreecommitdiffstats
path: root/ospfd/ospf_packet.c
diff options
context:
space:
mode:
authorMobashshera Rasool <mrasool@vmware.com>2021-09-03 13:52:23 +0200
committerMobashshera Rasool <mrasool@vmware.com>2021-09-03 15:44:39 +0200
commit44d1115ad6e7c01090d95480a27bd4484c91ffc5 (patch)
tree28f51c8aebdc69a7dec4eaa8cd185be047124647 /ospfd/ospf_packet.c
parentMerge pull request #9538 from donaldsharp/bgp_view_not_working (diff)
downloadfrr-44d1115ad6e7c01090d95480a27bd4484c91ffc5.tar.xz
frr-44d1115ad6e7c01090d95480a27bd4484c91ffc5.zip
ospfd: ANVL Test case 25.22, 25.23 and 28.11 fixes
ANVL Test case 28.11 If the database copy has LS age equal to MaxAge and LS sequence number equal to MaxSequenceNumber, simply discard the received LSA without acknowledging it. ANVL Test Case 25.22 When an attempt is made to increment the sequence number past the maximum value of N - 1 (0x7fffffff; also referred to as MaxSequenceNumber), the current instance of the LSA must first be flushed from the routing domain. ANVL Test Case 25.23 As soon as this flooding of a LSA with LS sequence number MaxSequenceNumber has been acknowledged by all adjacent neighbors, a new instance can be originated with sequence number of InitialSequenceNumber. RCA: When IXIA sent LS Seq num as MAX and LS Age as (MAX - 3), DUT dropped the packet instead of sending ACK. In function ospf_ls_upd, at Line 2106 the code is there to drop the LSA. Hence its failing. Fix: LSAs ACK must be sent when received LSA is having max sequence number but not max-aged. Considering /* CVE-2017-3224 */ issue, have corrected the existing code to prevent attacker from sending LSAs with max sequence number and higher checksum and blocking the flooding of the Max-sequence numbered LSAs. Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
Diffstat (limited to 'ospfd/ospf_packet.c')
-rw-r--r--ospfd/ospf_packet.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index 9930b0bd4..8a76e265b 100644
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -2089,11 +2089,11 @@ static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
if (current == NULL
|| (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
/* CVE-2017-3224 */
- if (current && (lsa->data->ls_seqnum ==
- htonl(OSPF_MAX_SEQUENCE_NUMBER)
- && !IS_LSA_MAXAGE(lsa))) {
+ if (current && (IS_LSA_MAX_SEQ(current))
+ && (IS_LSA_MAX_SEQ(lsa))
+ && !IS_LSA_MAXAGE(lsa)) {
zlog_debug(
- "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it",
+ "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it",
dump_lsa_key(lsa));
DISCARD_LSA(lsa, 4);