diff options
author | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2020-06-10 13:27:14 +0200 |
---|---|---|
committer | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2020-06-10 13:27:14 +0200 |
commit | 82937b465b3a50bdcb00eff0b7aa6acb3fc21772 (patch) | |
tree | ae016397324e036374877b8876d343968a99bdc2 | |
parent | 71e08edd942557ec333902bb45c57794f7a66bf8 (diff) |
OSPF: Fix bad header length test
Thanks to Slava Aseev for the thorough bugreport.
-rw-r--r-- | proto/ospf/packet.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index 599f3094..cbc8f2ec 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -441,7 +441,8 @@ ospf_rx_hook(sock *sk, uint len) DROP("version mismatch", pkt->version); uint plen = ntohs(pkt->length); - if ((plen < sizeof(struct ospf_packet)) || ((plen % 4) != 0)) + uint hlen = sizeof(struct ospf_packet) + (ospf_is_v2(p) ? sizeof(union ospf_auth2) : 0); + if ((plen < hlen) || ((plen % 4) != 0)) DROP("invalid length", plen); if (sk->flags & SKF_TRUNCATED) @@ -462,9 +463,8 @@ ospf_rx_hook(sock *sk, uint len) if (ospf_is_v2(p) && (pkt->autype != OSPF_AUTH_CRYPT)) { - uint hlen = sizeof(struct ospf_packet) + sizeof(union ospf_auth2); - uint blen = plen - hlen; void *body = ((void *) pkt) + hlen; + uint blen = plen - hlen; if (!ipsum_verify(pkt, sizeof(struct ospf_packet), body, blen, NULL)) DROP("invalid checksum", ntohs(pkt->checksum)); |