forked from Mirror/frr
eigrpd: Cleanup various SA Issues
1) Handle key value not found on interface 2) Handle various NULL pointer possibilities 3) Fix possible integer overflow 4) Fix memory leak 5) Check return codes on sscanf Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit is contained in:
Donald Sharp
parent
32e5503d8f
commit
dbfd865b05
|
|
@ -295,11 +295,13 @@ void show_ip_eigrp_prefix_entry(struct vty *vty, struct eigrp_prefix_entry *tn)
|
||||||
|
|
||||||
vty_out(vty, "%s, ",
|
vty_out(vty, "%s, ",
|
||||||
prefix2str(tn->destination, buffer, PREFIX_STRLEN));
|
prefix2str(tn->destination, buffer, PREFIX_STRLEN));
|
||||||
vty_out(vty, "%u successors, ", successors->count);
|
vty_out(vty, "%u successors, ",
|
||||||
|
(successors) ? successors->count : 0);
|
||||||
vty_out(vty, "FD is %u, serno: %" PRIu64 " \n", tn->fdistance,
|
vty_out(vty, "FD is %u, serno: %" PRIu64 " \n", tn->fdistance,
|
||||||
tn->serno);
|
tn->serno);
|
||||||
|
|
||||||
list_delete(successors);
|
if (successors)
|
||||||
|
list_delete(successors);
|
||||||
}
|
}
|
||||||
|
|
||||||
void show_ip_eigrp_neighbor_entry(struct vty *vty, struct eigrp *eigrp,
|
void show_ip_eigrp_neighbor_entry(struct vty *vty, struct eigrp *eigrp,
|
||||||
|
|
|
||||||
|
|
@ -412,11 +412,15 @@ void eigrp_sw_version_initialize(void)
|
||||||
{
|
{
|
||||||
char ver_string[] = VERSION;
|
char ver_string[] = VERSION;
|
||||||
char *dash = strstr(ver_string, "-");
|
char *dash = strstr(ver_string, "-");
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (dash)
|
if (dash)
|
||||||
dash[0] = '\0';
|
dash[0] = '\0';
|
||||||
|
|
||||||
sscanf(ver_string, "%d.%d", &FRR_MAJOR, &FRR_MINOR);
|
ret = sscanf(ver_string, "%d.%d", &FRR_MAJOR, &FRR_MINOR);
|
||||||
|
if (ret != 2)
|
||||||
|
zlog_err("Did not Properly parse %s, please fix VERSION string",
|
||||||
|
VERSION);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -249,15 +249,14 @@ int eigrp_if_up(struct eigrp_interface *ei)
|
||||||
struct eigrp_metrics metric;
|
struct eigrp_metrics metric;
|
||||||
struct eigrp_interface *ei2;
|
struct eigrp_interface *ei2;
|
||||||
struct listnode *node, *nnode;
|
struct listnode *node, *nnode;
|
||||||
struct eigrp *eigrp = eigrp_lookup();
|
struct eigrp *eigrp;
|
||||||
|
|
||||||
if (ei == NULL)
|
if (ei == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (eigrp != NULL)
|
eigrp = ei->eigrp;
|
||||||
eigrp_adjust_sndbuflen(eigrp, ei->ifp->mtu);
|
eigrp_adjust_sndbuflen(eigrp, ei->ifp->mtu);
|
||||||
else
|
|
||||||
zlog_warn("%s: eigrp_lookup () returned NULL", __func__);
|
|
||||||
eigrp_if_stream_set(ei);
|
eigrp_if_stream_set(ei);
|
||||||
|
|
||||||
/* Set multicast memberships appropriately for new state. */
|
/* Set multicast memberships appropriately for new state. */
|
||||||
|
|
|
||||||
|
|
@ -193,6 +193,12 @@ int eigrp_check_md5_digest(struct stream *s,
|
||||||
if (keychain)
|
if (keychain)
|
||||||
key = key_lookup_for_send(keychain);
|
key = key_lookup_for_send(keychain);
|
||||||
|
|
||||||
|
if (!key) {
|
||||||
|
zlog_warn("Interface %s: Expected key value not found in config",
|
||||||
|
nbr->ei->ifp->name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
memset(&ctx, 0, sizeof(ctx));
|
memset(&ctx, 0, sizeof(ctx));
|
||||||
MD5Init(&ctx);
|
MD5Init(&ctx);
|
||||||
|
|
||||||
|
|
@ -229,8 +235,7 @@ int eigrp_check_md5_digest(struct stream *s,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* save neighbor's crypt_seqnum */
|
/* save neighbor's crypt_seqnum */
|
||||||
if (nbr)
|
nbr->crypt_seqnum = authTLV->key_sequence;
|
||||||
nbr->crypt_seqnum = authTLV->key_sequence;
|
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
@ -240,10 +245,11 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
|
||||||
{
|
{
|
||||||
struct key *key = NULL;
|
struct key *key = NULL;
|
||||||
struct keychain *keychain;
|
struct keychain *keychain;
|
||||||
char *source_ip;
|
char source_ip[PREFIX_STRLEN];
|
||||||
|
|
||||||
unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN];
|
unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN];
|
||||||
unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0};
|
unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0};
|
||||||
|
|
||||||
HMAC_SHA256_CTX ctx;
|
HMAC_SHA256_CTX ctx;
|
||||||
void *ibuf;
|
void *ibuf;
|
||||||
size_t backup_get, backup_end;
|
size_t backup_get, backup_end;
|
||||||
|
|
@ -263,11 +269,13 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
|
||||||
if (keychain)
|
if (keychain)
|
||||||
key = key_lookup_for_send(keychain);
|
key = key_lookup_for_send(keychain);
|
||||||
|
|
||||||
// saved_len[index] = strnzcpyn(saved_key[index], key,
|
if (!key) {
|
||||||
// PLAINTEXT_LENGTH + 1);
|
zlog_warn("Interface %s: Expected key value not found in config",
|
||||||
|
ei->ifp->name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
source_ip = calloc(16, sizeof(char));
|
inet_ntop(AF_INET, &ei->address->u.prefix4, source_ip, PREFIX_STRLEN);
|
||||||
inet_ntop(AF_INET, &ei->address->u.prefix4, source_ip, 16);
|
|
||||||
|
|
||||||
memset(&ctx, 0, sizeof(ctx));
|
memset(&ctx, 0, sizeof(ctx));
|
||||||
buffer[0] = '\n';
|
buffer[0] = '\n';
|
||||||
|
|
@ -287,7 +295,6 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
|
||||||
stream_set_endp(s, backup_end);
|
stream_set_endp(s, backup_end);
|
||||||
|
|
||||||
eigrp_authTLV_SHA256_free(auth_TLV);
|
eigrp_authTLV_SHA256_free(auth_TLV);
|
||||||
free(source_ip);
|
|
||||||
|
|
||||||
return EIGRP_AUTH_TYPE_SHA256_LEN;
|
return EIGRP_AUTH_TYPE_SHA256_LEN;
|
||||||
}
|
}
|
||||||
|
|
@ -613,10 +620,10 @@ int eigrp_read(struct thread *thread)
|
||||||
opcode = eigrph->opcode;
|
opcode = eigrph->opcode;
|
||||||
|
|
||||||
if (IS_DEBUG_EIGRP_TRANSMIT(0, RECV)) {
|
if (IS_DEBUG_EIGRP_TRANSMIT(0, RECV)) {
|
||||||
char src[100], dst[100];
|
char src[PREFIX_STRLEN], dst[PREFIX_STRLEN];
|
||||||
|
|
||||||
strcpy(src, inet_ntoa(iph->ip_src));
|
strncpy(src, inet_ntoa(iph->ip_src), PREFIX_STRLEN);
|
||||||
strcpy(dst, inet_ntoa(iph->ip_dst));
|
strncpy(dst, inet_ntoa(iph->ip_dst), PREFIX_STRLEN);
|
||||||
zlog_debug("Received [%s][%d/%d] length [%u] via [%s] src [%s] dst [%s]",
|
zlog_debug("Received [%s][%d/%d] length [%u] via [%s] src [%s] dst [%s]",
|
||||||
lookup_msg(eigrp_packet_type_str, opcode, NULL),
|
lookup_msg(eigrp_packet_type_str, opcode, NULL),
|
||||||
ntohl(eigrph->sequence), ntohl(eigrph->ack), length,
|
ntohl(eigrph->sequence), ntohl(eigrph->ack), length,
|
||||||
|
|
|
||||||
|
|
@ -444,7 +444,7 @@ void eigrp_topology_update_node_flags(struct eigrp_prefix_entry *dest)
|
||||||
|
|
||||||
for (ALL_LIST_ELEMENTS_RO(dest->entries, node, entry)) {
|
for (ALL_LIST_ELEMENTS_RO(dest->entries, node, entry)) {
|
||||||
if (((uint64_t)entry->distance
|
if (((uint64_t)entry->distance
|
||||||
<= (uint64_t)(dest->distance * eigrp->variance))
|
<= (uint64_t)dest->distance * (uint64_t)eigrp->variance)
|
||||||
&& entry->distance != EIGRP_MAX_METRIC) // is successor
|
&& entry->distance != EIGRP_MAX_METRIC) // is successor
|
||||||
{
|
{
|
||||||
entry->flags |= EIGRP_NEIGHBOR_ENTRY_SUCCESSOR_FLAG;
|
entry->flags |= EIGRP_NEIGHBOR_ENTRY_SUCCESSOR_FLAG;
|
||||||
|
|
|
||||||
|
|
@ -443,6 +443,9 @@ void eigrp_update_receive(struct eigrp *eigrp, struct ip *iph,
|
||||||
|
|
||||||
eigrp_query_send_all(eigrp);
|
eigrp_query_send_all(eigrp);
|
||||||
eigrp_update_send_all(eigrp, ei);
|
eigrp_update_send_all(eigrp, ei);
|
||||||
|
|
||||||
|
if (nbr_prefixes)
|
||||||
|
list_delete(nbr_prefixes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*send EIGRP Update packet*/
|
/*send EIGRP Update packet*/
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue