upstream/oracle/userland-gate: components/quagga/patches/12-cve-2013-0149.patch@27eab5dcdc0b (annotated)

2951 83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	1	This patch may be removed when Quagga is upgraded to at least
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	2	version 0.99.22.4 or 0.99.23
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	3
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	4
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	5	From 23cd8fb7133befdb84b3a918f7b2f6147161ac6e Mon Sep 17 00:00:00 2001
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	6	From: David Lamparter <[email protected]>
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	7	Date: Fri, 2 Aug 2013 07:27:53 +0000
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	8	Subject: [PATCH] ospfd: protect vs. VU#229804 (malformed Router-LSA)
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	9
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	10	VU#229804 reports that, by injecting Router LSAs with the Advertising
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	11	Router ID different from the Link State ID, OSPF implementations can be
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	12	tricked into retaining and using invalid information.
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	13
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	14	Quagga is not vulnerable to this because it looks up Router LSAs by
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	15	(Router-ID, LS-ID) pair. The relevant code is in ospf_lsa.c l.3140.
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	16	Note the double "id" parameter at the end.
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	17
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	18	Still, we can provide an improvement here by discarding such malformed
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	19	LSAs and providing a warning to the administrator. While we cannot
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	20	prevent such malformed LSAs from entering the OSPF domain, we can
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	21	certainly try to limit their distribution.
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	22
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	23	cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	24	This issue is a specification issue in the OSPF protocol that was
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	25	discovered by Dr. Gabi Nakibly.
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	26
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	27	Reported-by: CERT Coordination Center <[email protected]>
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	28	Signed-off-by: David Lamparter <[email protected]>
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	29	---
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	30	ospfd/ospf_packet.c \| 21 +++++++++++++++++++++
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	31	1 files changed, 21 insertions(+), 0 deletions(-)
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	32
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	33	diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	34	index 37223fb..ab68bf0 100644
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	35	--- ospfd/ospf_packet.c
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	36	+++ ospfd/ospf_packet.c
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	37	@@ -1823,6 +1823,27 @@ ospf_ls_upd (struct ip iph, struct ospf_header ospfh,
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	38	DISCARD_LSA (lsa,2);
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	39	}
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	40
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	41	+ /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	42	+ if (lsa->data->type == OSPF_ROUTER_LSA)
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	43	+ if (!IPV4_ADDR_SAME(&lsa->data->id, &lsa->data->adv_router))
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	44	+ {
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	45	+ char buf1[INET_ADDRSTRLEN];
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	46	+ char buf2[INET_ADDRSTRLEN];
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	47	+ char buf3[INET_ADDRSTRLEN];
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	48	+
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	49	+ zlog_err("Incoming Router-LSA from %s with "
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	50	+ "Adv-ID[%s] != LS-ID[%s]",
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	51	+ inet_ntop (AF_INET, &ospfh->router_id,
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	52	+ buf1, INET_ADDRSTRLEN),
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	53	+ inet_ntop (AF_INET, &lsa->data->id,
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	54	+ buf2, INET_ADDRSTRLEN),
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	55	+ inet_ntop (AF_INET, &lsa->data->adv_router,
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	56	+ buf3, INET_ADDRSTRLEN));
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	57	+ zlog_err("OSPF domain compromised by attack or corruption. "
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	58	+ "Verify correct operation of -ALL- OSPF routers.");
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	59	+ DISCARD_LSA (lsa, 0);
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	60	+ }
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	61	+
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	62	/* Find the LSA in the current database. */
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	63
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	64	current = ospf_lsa_lookup_by_header (oi->area, lsa->data);
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	65	--
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	66	1.7.2.5
83313d4990a4 17658177 problem in SERVICE/QUAGGA Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	67

author	Brian Utterback <brian.utterback@oracle.com>
	Fri, 03 Mar 2017 10:53:19 -0800
branch	s11u3-sru
changeset 7929	27eab5dcdc0b
parent 2951	83313d4990a4
permissions	-rw-r--r--