commit 87f81eae2a74580e58cd9bed13a4c62306181d04 Author: David Lamparter Date: Thu Mar 8 04:36:24 2012 +0100 release: 0.99.20.1 * configure.ac: Bump to 0.99.20.1 commit a59c5401a2df169de2c780f13a4563548c04a2b7 Author: Denis Ovsienko Date: Tue Feb 28 15:15:29 2012 +0400 ospfd: reduce ospf_verify_header() Protocol version checks fits ospf_packet_examin() better (like it is implemented in ospf6d), and packet type check is already there. commit e5fa148725fb2a3d1a8df12683f023ff9d65273f Author: Denis Ovsienko Date: Sun Feb 26 17:59:43 2012 +0400 ospfd: bring ospf_check_auth() into focus The old ospf_check_auth() function did two different jobs depending on AuType. For Null and Simple cases it actually authenticated the packet, but for Cryptographic case it only checked declared packet size (not taking the actual number of bytes on wire into account). The calling function, ospf_verify_header(), had its own set of MD5/checksum checks dispatched depending on AuType. This commit makes the packet size check work against the real number of bytes and moves it to ospf_packet_examine(). All MD5/checksum verification is now performed in ospf_check_auth() function. * ospf_packet.c * ospf_packet_examin(): check length with MD5 bytes in mind * ospf_verify_header(): remove all AuType-specific code * ospf_check_auth(): completely rewrite commit 1bdd96caefaa76883bece4d358a60dc890f1e375 Author: Denis Ovsienko Date: Sun Feb 26 17:00:57 2012 +0400 ospfd: introduce ospf_auth_type_str[] commit b03ae9f2d22acd8e3f97714a9c0df744676e344d Author: Denis Ovsienko Date: Mon Feb 20 23:08:10 2012 +0400 ospfd: fix packet length check for auth/LLS cases An OSPFv2 packet with trailing data blocks (authentication and/or link-local signaling) failed the recently implemented packet length check, because trailing data length isn't counted in the packet header "length" field. This commit fixes respective check conditions. * ospf_packet.c * ospf_packet_examin(): use "bytesdeclared" instead of "bytesonwire" commit fba10fc38f482c617fdfbb81b8d855df56eeda51 Author: Denis Ovsienko Date: Fri Feb 17 16:20:50 2012 +0400 ospfd: introduce ospf_lsa_minlen[] (BZ#705) This commit ports more packet checks to OSPFv2, in particular, LSA size verification and Router-LSA link blocks verification. * ospf_lsa.h: add LSA size macros * ospf_packet.h: add struct ospf_ls_update * ospf_packet.c * ospf_lsa_minlen[]: a direct equivalent of ospf6_lsa_minlen[] * ospf_router_lsa_links_examin(): new function, verifies trailing part of a Router-LSA * ospf_lsa_examin(): new function like ospf6_lsa_examin() * ospf_lsaseq_examin(): new function like ospf6_lsaseq_examin() * ospf_packet_examin(): add type-specific deeper level checks commit 7edfc01207f3eee8f26d5c22cfef7c7f030c52ce Author: Denis Ovsienko Date: Mon Jan 30 20:32:39 2012 +0400 ospfd: review ospf_check_md5_digest() Rewrite some pointer arithmetics without the additional variables and move byte order conversion inside the function. commit 3779a3bf9d27b3cccda7e45223884257af362c28 Author: Denis Ovsienko Date: Mon Jan 30 16:07:18 2012 +0400 ospfd: review ospf_check_auth() 1. The only purpose of "ibuf" argument was to get stream size, which was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized in ospf_new(). 2. Fix the packet size check condition, which was incorrect for very large packets, at least in theory. commit 3092cd57fb44c8293995d013bd86937d1a91745f Author: Denis Ovsienko Date: Mon Jan 30 15:41:39 2012 +0400 ospfd: introduce ospf_packet_minlen[] (BZ#705) This commit ports some of the OSPFv3 packet reception checks to OSPFv2. * ospf_packet.c * ospf_packet_minlen[]: a direct equivalent of ospf6_packet_minlen[] * ospf_packet_examin(): new function designed after the first part of ospf6_packet_examin() * ospf_read(): verify received packet with ospf_packet_examin() * ospf_packet.h: add convenience macros commit 099ed6744881e71957f2bfeebc4c0727714d2394 Author: Denis Ovsienko Date: Fri Jan 20 22:32:10 2012 +0400 ospfd: fix ospf_packet_add_top() to use LOOKUP() commit 393b2d64dc0625ba8e01e9e1516efac06d13072e Author: Denis Ovsienko Date: Sun Jan 15 19:12:19 2012 +0400 ospfd: use LOOKUP() for ospf_packet_type_str * ospf_packet.h: add proper str/max extern declarations * ospf_packet.c * ospf_packet_type_str: rewrite in "struct message", add max value * ospf_packet_add(): use LOOKUP() * ospf_write(): ditto * ospf_hello(): ditto * ospf_read(): ditto * ospf_dump.h: the declaration does not belong here * ospf_dump.c * ospf_header_dump(): use LOOKUP() * show_debugging_ospf(): ditto commit 3cab749fdba9bd3aee48162581797d153ce0defb Author: Paul Jakma Date: Mon Jan 9 20:59:26 2012 +0000 bgpd: Open option parse errors don't NOTIFY, resulting in abort & DoS * bgp_packet.c: (bgp_open_receive) Errors from bgp_open_option_parse are detected, and the code will stop processing the OPEN and return. However it does so without calling bgp_notify_send to send a NOTIFY - which means the peer FSM doesn't get stopped, and bgp_read will be called again later. Because it returns, it doesn't go through the code near the end of the function that removes the current message from the peer input streaam. Thus the next call to bgp_read will try to parse a half-parsed stream as if it were a new BGP message, leading to an assert later in the code when it tries to read stuff that isn't there. Add the required call to bgp_notify_send before returning. * bgp_open.c: (bgp_capability_as4) Be a bit stricter, check the length field corresponds to the only value it can be, which is the amount we're going to read off the stream. And make sure the capability flag gets set, so callers can know this capability was read, regardless. (peek_for_as4_capability) Let bgp_capability_as4 do the length check.