#! /bin/sh /usr/share/dpatch/dpatch-run
## 99_CVE-2011-3326_uknown_LSA_type.dpatch by <ch@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: http://code.quagga.net/?p=quagga.git;a=commitdiff_plain;h=6b161fc12a15aba8824c84d1eb38e529aaf70769
@DPATCH@
# From: CROSS <info@codenomicon.com>
# Date: Mon, 26 Sep 2011 09:17:21 +0000 (+0400)
# Subject: ospfd: CVE-2011-3326 (uknown LSA type segfault)
# X-Git-Tag: quagga_0_99_19_release~5
# X-Git-Url: http://code.quagga.net/?p=quagga.git;a=commitdiff_plain;h=6b161fc12a15aba8824c84d1eb38e529aaf70769
#
# ospfd: CVE-2011-3326 (uknown LSA type segfault)
#
# This vulnerability (CERT-FI #514837) was reported by CROSS project.
# They have also suggested a fix to the problem, which was found
# acceptable.
#
# Quagga ospfd does not seem to handle unknown LSA types in a Link State
# Update message correctly. If the LSA type is anything other than one
# supported by Quagga, the default handling of unknown types leads to an
# error.
#
# * ospf_flood.c
# * ospf_flood(): check return value of ospf_lsa_install()
# ---
diff --git a/ospfd/ospf_flood.c b/ospfd/ospf_flood.c
index 77f2e16..004ed1a 100644
--- a/ospfd/ospf_flood.c
+++ b/ospfd/ospf_flood.c
@@ -319,7 +319,8 @@ ospf_flood (struct ospf *ospf, struct ospf_neighbor *nbr,
procedure cannot overwrite the newly installed LSA until
MinLSArrival seconds have elapsed. */
- new = ospf_lsa_install (ospf, nbr->oi, new);
+ if (! (new = ospf_lsa_install (ospf, nbr->oi, new)))
+ return 0; /* unknown LSA type */
/* Acknowledge the receipt of the LSA by sending a Link State
Acknowledgment packet back out the receiving interface. */
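Review bot: The early return at `if (! (new = ospf_lsa_install (ospf, nbr->oi, new)))` treats every NULL result as an unknown LSA type and drops the LSA silently, so a neighbor that keeps sending unsupported or malformed Link State Updates leaves no trace for an operator. A log line before the return, for example `zlog_warn ("%s: LSA install failed, LSA dropped", __func__);`, would make this network-reachable path observable, and the comment would be more accurate as `/* install failed, e.g. unknown LSA type */`. The assignment also overwrites `new` with NULL, so ospf_flood no longer holds the pointer it passed in; whether ospf_lsa_install releases that LSA on failure is not visible here and should be confirmed to rule out a leak. Returning 0 also skips the acknowledgment that follows, and what 0 signals to callers cannot be checked from this hunk because ospf_flood begins and ends outside it.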