From 3f359d732c0be97e580d752cbf8099932afe7dcb Mon Sep 17 00:00:00 2001
From: Acee Lindem
Date: Tue, 4 Jun 2024 21:24:46 +0000
Subject: ospf6d: OSPFv3 manual key authentication neglects checking the SA ID. Also, add topotest variation to verify checking. This corrects https://github.com/FRRouting/frr/issues/16100.
Signed-off-by: Acee Lindem
---
 ospf6d/ospf6_auth_trailer.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'ospf6d')
diff --git a/ospf6d/ospf6_auth_trailer.c b/ospf6d/ospf6_auth_trailer.c
index 8d9eff409..860d27379 100644
--- a/ospf6d/ospf6_auth_trailer.c
+++ b/ospf6d/ospf6_auth_trailer.c
@@ -517,6 +517,15 @@ int ospf6_auth_check_digest(struct ospf6_header *oh, struct ospf6_interface *oi,
 }
 } else if (CHECK_FLAG(oi->at_data.flags,
 OSPF6_AUTH_TRAILER_MANUAL_KEY)) {
+ if (oi->at_data.key_id != ntohs(ospf6_auth->id)) {
+ if (IS_OSPF6_DEBUG_AUTH_RX)
+ zlog_err("RECV[%s]: Auth SA ID mismatch for %s, received %u vs configured %u",
+ oi->interface->name,
+ ospf6_message_type(oh->type),
+ ntohs(ospf6_auth->id),
+ oi->at_data.key_id);
+ return OSPF6_AUTH_VALIDATE_FAILURE;
+ }
 auth_str = oi->at_data.auth_key;
 hash_algo = oi->at_data.hash_algo;
 }
--
cgit v1.2.3
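Review bot: The new SA ID mismatch branch returns `OSPF6_AUTH_VALIDATE_FAILURE` but reports it only when `IS_OSPF6_DEBUG_AUTH_RX` is set, so by default a neighbour sending the wrong SA ID, whether misconfigured or forged, is rejected with no trace from this function. The caller may count or log the drop, but that is not visible in this hunk; if it does not, a rate-limited warning or a per-interface counter would make these authentication failures detectable. The guarded trace also uses `zlog_err`, and `zlog_debug` would match a message that only appears under a debug flag, unless the rest of the file deliberately follows this pattern. A one-line comment above the check would record the intent, e.g. `/* Manual key: the SA ID in the trailer must equal the configured key ID (RFC 7166) */`. `ospf6_auth_check_digest` starts and ends outside the hunk, so whether the trailer length is validated before `ospf6_auth->id` is read cannot be confirmed here.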