summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOndrej Zajicek (work) <santiago@crfreenet.org>2020-06-10 13:27:14 +0200
committerOndrej Zajicek (work) <santiago@crfreenet.org>2020-06-10 13:27:14 +0200
commit82937b465b3a50bdcb00eff0b7aa6acb3fc21772 (patch)
treeae016397324e036374877b8876d343968a99bdc2
parent71e08edd942557ec333902bb45c57794f7a66bf8 (diff)
OSPF: Fix bad header length test
Thanks to Slava Aseev for the thorough bugreport.
-rw-r--r--proto/ospf/packet.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c
index 599f3094..cbc8f2ec 100644
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@@ -441,7 +441,8 @@ ospf_rx_hook(sock *sk, uint len)
DROP("version mismatch", pkt->version);
uint plen = ntohs(pkt->length);
- if ((plen < sizeof(struct ospf_packet)) || ((plen % 4) != 0))
+ uint hlen = sizeof(struct ospf_packet) + (ospf_is_v2(p) ? sizeof(union ospf_auth2) : 0);
+ if ((plen < hlen) || ((plen % 4) != 0))
DROP("invalid length", plen);
if (sk->flags & SKF_TRUNCATED)
@@ -462,9 +463,8 @@ ospf_rx_hook(sock *sk, uint len)
if (ospf_is_v2(p) && (pkt->autype != OSPF_AUTH_CRYPT))
{
- uint hlen = sizeof(struct ospf_packet) + sizeof(union ospf_auth2);
- uint blen = plen - hlen;
void *body = ((void *) pkt) + hlen;
+ uint blen = plen - hlen;
if (!ipsum_verify(pkt, sizeof(struct ospf_packet), body, blen, NULL))
DROP("invalid checksum", ntohs(pkt->checksum));