diff options
| author | paul <paul> | 2004-06-04 01:42:38 +0000 |
|---|---|---|
| committer | paul <paul> | 2004-06-04 01:42:38 +0000 |
| commit | 35a542f38fe4d6224c49698419fdfb43d35d53a7 (patch) | |
| tree | 024626b820557a06f525bcf3665e9713d897db72 | |
| parent | 4baa37e83cc5f25c5d385748b518fec7764e6c0b (diff) | |
| download | quagga-35a542f38fe4d6224c49698419fdfb43d35d53a7.tar.bz2 quagga-35a542f38fe4d6224c49698419fdfb43d35d53a7.tar.xz | |
2004-06-04 JJ Ludman <jacques.ludman@sun.com>
* ripd.c: Interoperability fix. Correct value for MD5 auth length
is 16. Accept packets with this set to >= 16, and set to 16
ourselves.
| -rw-r--r-- | ripd/ChangeLog | 6 | ||||
| -rw-r--r-- | ripd/ripd.c | 16 |
2 files changed, 19 insertions, 3 deletions
diff --git a/ripd/ChangeLog b/ripd/ChangeLog index 932c6245..2b65db30 100644 --- a/ripd/ChangeLog +++ b/ripd/ChangeLog @@ -1,3 +1,9 @@ +2004-06-04 JJ Ludman <jacques.ludman@sun.com> + + * ripd.c: Interoperability fix. Correct value for MD5 auth length + is 16. Accept packets with this set to >= 16, and set to 16 + ourselves. + 2004-05-31 Sowmini Varadhan <sowmini.varadhan@sun.com> * ripd.c: Fixup compile warnings diff --git a/ripd/ripd.c b/ripd/ripd.c index 05fdeb97..7567ba2c 100644 --- a/ripd/ripd.c +++ b/ripd/ripd.c @@ -854,8 +854,17 @@ rip_auth_md5 (struct rip_packet *packet, struct sockaddr_in *from, if (ri->auth_type != RIP_AUTH_MD5 || ntohs (md5->type) != RIP_AUTH_MD5) return 0; - if (md5->auth_len != RIP_HEADER_SIZE + RIP_AUTH_MD5_SIZE) +/* + * If the authentication length is less than 16, then it must be wrong for + * any interpretation of rfc2082. + */ + if (md5->auth_len < RIP_AUTH_MD5_SIZE) + { + if (IS_RIP_DEBUG_EVENT) + zlog_info ("RIPv2 MD5 authentication, authentication length field too \ + short"); return 0; + } if (ri->key_chain) { @@ -888,7 +897,8 @@ rip_auth_md5 (struct rip_packet *packet, struct sockaddr_in *from, strncpy ((char *)md5data->digest, auth_str, RIP_AUTH_MD5_SIZE); md5_init_ctx (&ctx); - md5_process_bytes (packet, packet_len + md5->auth_len, &ctx); + md5_process_bytes (packet, packet_len + RIP_HEADER_SIZE + RIP_AUTH_MD5_SIZE, \ + &ctx); md5_finish_ctx (&ctx, digest); if (memcmp (pdigest, digest, RIP_AUTH_MD5_SIZE) == 0) @@ -972,7 +982,7 @@ rip_auth_md5_set (struct stream *s, struct interface *ifp) /* Auth Data Len. Set 16 for MD5 authentication data. */ - stream_putc (s, RIP_AUTH_MD5_SIZE + RIP_HEADER_SIZE); + stream_putc (s, RIP_AUTH_MD5_SIZE); /* Sequence Number (non-decreasing). */ /* RFC2080: The value used in the sequence number is |