author Renato Westphal <renato@cvs.openbsd.org> 2016-06-08 21:28:10 +0000
committer Renato Westphal <renato@cvs.openbsd.org> 2016-06-08 21:28:10 +0000
commit e0ef56b652831fb30dc77254638c97ff5ad5259c
tree fc0e01f97a9286a9501b493d467780bbb29217a2
parent 622a1537a4a4a506bc359e09cb873bdc14455ddf
Add one more safety check for Initialization messages.
RFC 5036 says the following about the "Receiver LDP Identifier" field: "Identifies the receiver's label space. This LDP Identifier, together with the sender's LDP Identifier in the PDU header, enables the receiver to match the Initialization message with one of its Hello adjacencies; If there is no matching Hello adjacency, the LSR MUST send a Session Rejected/No Hello Notification message in response to the Initialization message and not establish the session".

This is one more case of LDP being more complex than what it should have been. Since LDP supports MPLS label spaces (for ATM and FR), just the sender's LSR-ID in the PDU header is not enough for identifying a Hello adjacency. We also need the receiver's label space, and that's what this field gives us. In fact, this field contains the full receiver's LSR-ID, but the IP part doesn't really matter.

Since we don't support label spaces (and never will), we were happily ignoring this field. This patch changes this to fix some errors with ANVL.

Fixes the following ANVL LDP tests: 6.5, 6.6 and 6.11.
-rw-r--r-- usr.sbin/ldpd/init.c 9
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.sbin/ldpd/init.c b/usr.sbin/ldpd/init.c
index ddaadf14d60..d4b7433860c 100644
--- a/usr.sbin/ldpd/init.c
+++ b/usr.sbin/ldpd/init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: init.c,v 1.27 2016/05/23 19:11:42 renato Exp $ */
+/* $OpenBSD: init.c,v 1.28 2016/06/08 21:28:09 renato Exp $ */
/*
* Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -70,16 +70,19 @@ recv_init(struct nbr *nbr, char *buf, uint16_t len)
session_shutdown(nbr, S_KEEPALIVE_BAD, init.msgid, init.type);
return (-1);
}
-
if (ntohs(sess.length) != SESS_PRMS_SIZE - TLV_HDR_LEN) {
session_shutdown(nbr, S_BAD_TLV_LEN, init.msgid, init.type);
return (-1);
}
-
if (ntohs(sess.proto_version) != LDP_VERSION) {
session_shutdown(nbr, S_BAD_PROTO_VER, init.msgid, init.type);
return (-1);
}
+ if (sess.lsr_id != leconf->rtr_id.s_addr ||
+ ntohs(sess.lspace_id) != 0) {
+ session_shutdown(nbr, S_NO_HELLO, init.msgid, init.type);
+ return (-1);
+ }
buf += SESS_PRMS_SIZE;
len -= SESS_PRMS_SIZE;
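Review bot: the new test on sess.lsr_id and sess.lspace_id, added after the proto_version check in recv_init(), carries no comment, and it does not obviously match the commit message: the message says the IP part of the Receiver LDP Identifier "doesn't really matter", yet the code rejects the session with S_NO_HELLO whenever sess.lsr_id differs from leconf->rtr_id.s_addr. Suggest a short comment above the check that cites the RFC 5036 requirement, states that the label space must be 0 because ldpd does not support label spaces, and says whether the strict comparison against the local router ID is intended. The two blank lines removed between the earlier length and version checks are an unrelated whitespace change and would be easier to review in a separate commit.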