Comment # 20
on bug 6302
from Denis Ovsienko
I confirm all the packets from the sample capture you mention are indeed
malformed.
As far as it is possible to tell without compiling and testing I confirm the
change 2292 correctly encodes the OSPFv2 LSA minimum length table, which is as
follows:
(LS type) (length constraint)
1 Router LSA: >= 24 bytes (>= 0 link descriptor(s) required)
2 Network LSA: >= 28 bytes (>= 1 router-ID(s) required)
3 Summary LSA: >= 28 bytes (>= 1 TOS metric block(s) required)
4 Summary LSA: >= 28 bytes (>= 1 TOS metric block(s) required)
5 AS-External LSA: >= 36 bytes (>= 1 TOS forwarding block(s) required)
7 NSSA LSA: >= 36 bytes (>= 1 TOS forwarding block(s) required)
9 Opaque Link LSA: >= 20 bytes
10 Opaque Area LSA: >= 20 bytes
11 Opaque AS LSA: >= 20 bytes
Please note it seems necessary to make sure ls_type is within the valid range
before the check below, otherwise it can access beyond the end of
ls_length_constraints[]:
if(ls_length < ls_length_constraints[ls_type]) {
Thank you.
You are receiving this mail because:
- You are watching all bug changes.