summaryrefslogtreecommitdiffstats
path: root/ripd
diff options
context:
space:
mode:
authorRenato Westphal <renato@opensourcerouting.org>2016-11-10 15:53:21 +0100
committerRenato Westphal <renato@opensourcerouting.org>2016-11-25 14:34:39 +0100
commit1cfaf93c5e7512bf235613f651ef21440fbde792 (patch)
tree292f185367aa4d5fff7e41c5b50af9d9121e03e9 /ripd
parentisisd: fix loss of packets after circuit is brought up (diff)
downloadfrr-1cfaf93c5e7512bf235613f651ef21440fbde792.tar.xz
frr-1cfaf93c5e7512bf235613f651ef21440fbde792.zip
ripd: reject authentication strings with zeros in the middle
RFC 2453 says: "If the password is under 16 octets, it must be left-justified and padded to the right with nulls (0x00)". Fixes IxANVL RIP test 10.3. Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Diffstat (limited to 'ripd')
-rw-r--r--ripd/ripd.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/ripd/ripd.c b/ripd/ripd.c
index 612447116..ce7a6d1e9 100644
--- a/ripd/ripd.c
+++ b/ripd/ripd.c
@@ -812,7 +812,15 @@ rip_auth_simple_password (struct rte *rte, struct sockaddr_in *from,
struct interface *ifp)
{
struct rip_interface *ri;
- char *auth_str;
+ char *auth_str = (char *) &rte->prefix;
+ int i;
+
+ /* reject passwords with zeros in the middle of the string */
+ for (i = strlen (auth_str); i < 16; i++)
+ {
+ if (auth_str[i] != '\0')
+ return 0;
+ }
if (IS_RIP_DEBUG_EVENT)
zlog_debug ("RIPv2 simple password authentication from %s",
@@ -827,8 +835,6 @@ rip_auth_simple_password (struct rte *rte, struct sockaddr_in *from,
/* Simple password authentication. */
if (ri->auth_str)
{
- auth_str = (char *) &rte->prefix;
-
if (strncmp (auth_str, ri->auth_str, 16) == 0)
return 1;
}
@@ -841,7 +847,7 @@ rip_auth_simple_password (struct rte *rte, struct sockaddr_in *from,
if (keychain == NULL)
return 0;
- key = key_match_for_accept (keychain, (char *) &rte->prefix);
+ key = key_match_for_accept (keychain, auth_str);
if (key)
return 1;
}