diff options
author | Renato Westphal <renato@cvs.openbsd.org> | 2016-06-08 21:28:10 +0000 |
---|---|---|
committer | Renato Westphal <renato@cvs.openbsd.org> | 2016-06-08 21:28:10 +0000 |
commit | e0ef56b652831fb30dc77254638c97ff5ad5259c (patch) | |
tree | fc0e01f97a9286a9501b493d467780bbb29217a2 | |
parent | 622a1537a4a4a506bc359e09cb873bdc14455ddf (diff) |
Add one more safety check for Initialization messages.
RFC 5036 says the following about the "Receiver LDP Identifier" field:
"Identifies the receiver's label space. This LDP Identifier, together
with the sender's LDP Identifier in the PDU header, enables the receiver
to match the Initialization message with one of its Hello adjacencies;
If there is no matching Hello adjacency, the LSR MUST send a Session
Rejected/No Hello Notification message in response to the Initialization
message and not establish the session".
This is one more case of LDP being more complex than what it should have
been. Since LDP support MPLS label spaces (for ATM and FR), just the
sender's LSR-ID in the PDU header is not enough for identifying an Hello
adjacency. We also need the receiver's label space, and that's what this
field gives us. In fact, this field contains the full receiver's LSR-ID,
but the IP part doesn't really matter.
Since we don't support label spaces (and never will), we were happily
ignoring this field. This patch changes this to fix some errors with ANVL.
Fixes the following ANVL LDP tests: 6.5, 6.6 and 6.11.
-rw-r--r-- | usr.sbin/ldpd/init.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.sbin/ldpd/init.c b/usr.sbin/ldpd/init.c index ddaadf14d60..d4b7433860c 100644 --- a/usr.sbin/ldpd/init.c +++ b/usr.sbin/ldpd/init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: init.c,v 1.27 2016/05/23 19:11:42 renato Exp $ */ +/* $OpenBSD: init.c,v 1.28 2016/06/08 21:28:09 renato Exp $ */ /* * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org> @@ -70,16 +70,19 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len) session_shutdown(nbr, S_KEEPALIVE_BAD, init.msgid, init.type); return (-1); } - if (ntohs(sess.length) != SESS_PRMS_SIZE - TLV_HDR_LEN) { session_shutdown(nbr, S_BAD_TLV_LEN, init.msgid, init.type); return (-1); } - if (ntohs(sess.proto_version) != LDP_VERSION) { session_shutdown(nbr, S_BAD_PROTO_VER, init.msgid, init.type); return (-1); } + if (sess.lsr_id != leconf->rtr_id.s_addr || + ntohs(sess.lspace_id) != 0) { + session_shutdown(nbr, S_NO_HELLO, init.msgid, init.type); + return (-1); + } buf += SESS_PRMS_SIZE; len -= SESS_PRMS_SIZE; |