On Mon, Apr 24, 2023 at 03:51:22PM -0400, Mingwei Zheng wrote: > Hi, > > I am doing testing work on network protocols and here is one possible issue I > noticed in OSPF. > > I noticed that you have checked the length of lsa in your function > ospf_dump_lsupd in lsupd.c > <https://gitlab.nic.cz/labs/bird/-/blob/master/proto/ospf/lsupd.c>: > > if (((lsa_len % 4) != 0) || (lsa_len <= sizeof(struct ospf_lsa_header))) > goto invalid; > However in the other packet types, like LSACK and LSREQ, I didn’t see similar > checking. I am worrying about whether this would be an issue. > I would really appreciate it if anyone can have a look at it. Thank you!
Hi LSACK and LSREQ handle just fixed-size LSA headers, not full LSAs, so there is no reason for lsa_len checks. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: [email protected]) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
