CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/25 07:19:06
Modified files:
usr.sbin/ospfctl: ospfctl.c
usr.sbin/ospfd : area.c auth.c ospfd.c ospfd.h ospfe.c rde.c
Log message:
ospfd(8) must be more paranoid about what it sends
to its peers using IPC messages (see imsg_add(3)).
The data passed between processes must not leak
information on memory address layout from process.
The process must be sending to its peers either data which
are needed or, if taking a shortcut, zeroize fields
which carry pointer (memory addresses) from process.
The issue has been reported by students
from British Columbia University earlier this year.
The fix includes generous feedback from claudio@
OK claudio@
