Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nhrpd: fixes duplicate auth extension #16480

Merged
merged 1 commit into from
Jul 29, 2024
Merged

nhrpd: fixes duplicate auth extension #16480

merged 1 commit into from
Jul 29, 2024

Conversation

dleroy
Copy link
Contributor

@dleroy dleroy commented Jul 25, 2024

When an NHRP server was forwarding a message, it was copying all extensions from the originally received packet. The authentication extension must be regenerated hop by hop per RFC2332. The copied auth extension had an incorrect length. This fix checks for the auth extension when copying extensions and omits the original packet auth and instead regenerates a new auth extension.

Fix bug #16466

@frrbot frrbot bot added the nhrp label Jul 25, 2024
@dleroy dleroy force-pushed the dleroy/nhrpd-duplicate-auth-fix branch 2 times, most recently from f80754e to fba6f03 Compare July 26, 2024 00:40
@Jafaral
Copy link
Member

Jafaral commented Jul 26, 2024 

Report for nhrp_peer.c | 2 issues
===============================================
< WARNING: Block comments should align the * on each line
< #1054: FILE: /tmp/f1-2041579/nhrp_peer.c:1054:
Checkpatch found Errors:
Report for nhrp_peer.c | 2 issues
===============================================
< WARNING: Block comments should align the * on each line
< #1054: FILE: /tmp/f1-2041579/nhrp_peer.c:1054:

Jafaral
Jafaral reviewed Jul 26, 2024
View reviewed changes
nhrpd/nhrp_peer.c Outdated
* This will be done below in nhrp_packet_complete_auth().
*/
/* Extensions can be copied from original packet except
* authentication extension which must be regenerated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alignment off.

@dleroy dleroy force-pushed the dleroy/nhrpd-duplicate-auth-fix branch from fba6f03 to 80218f6 Compare July 26, 2024 18:10
@dleroy
nhrpd: fixes duplicate auth extension
7c20ffa 
When an NHRP server was forwarding a message, it was copying all
extensions from the originally received packet. The authentication
extension must be regenerated hop by hop per RFC2332. The copied
auth extension had an incorrect length. This fix checks for the
auth extension when copying extensions and omits the original
packet auth and instead regenerates a new auth extension.

Fix bug FRRouting#16466

Signed-off-by: Dave LeRoy <[email protected]>
@dleroy dleroy force-pushed the dleroy/nhrpd-duplicate-auth-fix branch from 80218f6 to 7c20ffa Compare July 26, 2024 21:09
@donaldsharp
Copy link
Member

LGTM once CI passes I will get this in.

@donaldsharp donaldsharp merged commit 6186368 into FRRouting:master Jul 29, 2024
11 checks passed
@donaldsharp donaldsharp mentioned this pull request Aug 6, 2024
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jafaral Jafaral Jafaral left review comments

Assignees
No one assigned
Labels
master nhrp size/S
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dleroy @Jafaral @donaldsharp