Gitiles
Code Review Sign In
gerrit.lfbroadband.org / quagga / ea2a598411cc7bd20456849e56bbc9e93c9916e7
commitea2a598411cc7bd20456849e56bbc9e93c9916e7[log] [tgz]
authorJoakim Tjernlund <Joakim.Tjernlund@transmode.se>Thu Nov 26 12:23:07 2009 +0000
committerVincent JARDIN <vincent.jardin@6wind.com>Mon Oct 27 15:57:59 2014 +0100
treee1825968b9d0f7208b93944980331179456b7625
parent969d3550a8cbb07f8b4d5ebe8dde5064f8260140 [diff]
ospfd: invalid MD5 auth_key?

This looks fishy in ospf_make_md5_digest()
if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt)))
    auth_key = (const u_int8_t *) "";
...
MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
auth_key points to a "" string of len 1 which is a lot
smaller that OSPF_AUTH_MD5_SIZE. Is this intentional to
get some random data or just a plain bug?

Anyone using MD5 should have a closer look and decide
what to do.
Acked-by: Feng Lu <lu.feng@6wind.com>
1 file changed
tree: e1825968b9d0f7208b93944980331179456b7625
  1. .gitignore
  2. AUTHORS
  3. COPYING
  4. COPYING.LIB
  5. ChangeLog
  6. HACKING.pending
  7. HACKING.tex
  8. INSTALL.quagga.txt
  9. Makefile.am
  10. NEWS
  11. README
  12. README.NetBSD
  13. REPORTING-BUGS
  14. SERVICES
  15. TODO
  16. babeld/
  17. bgpd/
  18. bootstrap.sh
  19. buildtest.sh
  20. configure.ac
  21. doc/
  22. fpm/
  23. init/
  24. isisd/
  25. lib/
  26. m4/
  27. ospf6d/
  28. ospfclient/
  29. ospfd/
  30. pkgsrc/
  31. ports/
  32. redhat/
  33. ripd/
  34. ripngd/
  35. solaris/
  36. stamp-h.in
  37. tests/
  38. tools/
  39. update-autotools
  40. vtysh/
  41. watchquagga/
  42. zebra/