diff options
| author | Olivier Dugeon <olivier.dugeon@orange.com> | 2024-04-16 16:42:06 +0200 |
|---|---|---|
| committer | Olivier Dugeon <olivier.dugeon@orange.com> | 2024-05-23 10:47:34 +0200 |
| commit | 8c177d69e32b91b45bda5fc5da6511fa03dc11ca (patch) | |
| tree | 4f4afa07089d1dad30ceb5d09ff3fa7226e08fd5 /ospfd/ospf_vty.h | |
| parent | ospfd: Correct Opaque LSA Extended parser (diff) | |
| download | frr-8c177d69e32b91b45bda5fc5da6511fa03dc11ca.tar.xz frr-8c177d69e32b91b45bda5fc5da6511fa03dc11ca.zip | |
ospfd: protect call to get_edge() in ospf_te.c
During fuzzing, Iggy Frankovic discovered that get_edge() function in ospf_te.c
could return null pointer, in particular when the link_id or advertised router
IP addresses are fuzzed. As the null pointer returned by get_edge() function is
not handlei by calling functions, this could cause ospfd crash.
This patch introduces new verification of returned pointer by get_edge()
function and stop the processing in case of null pointer. In addition, link ID
and advertiser router ID are validated before calling ls_find_edge_by_key() to
avoid the creation of a new edge with an invalid key.
CVE-2024-34088
Co-authored-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Diffstat (limited to 'ospfd/ospf_vty.h')
0 files changed, 0 insertions, 0 deletions