[quagga-dev 11120] Re: [quagga-dev, 8801, 2/2] ospfd: invalid MD5 auth_key?

Feng Lu lu.feng at 6wind.com
Mon Mar 24 09:25:14 GMT 2014


On 08/31/2011 02:29 PM, David Lamparter wrote:
> From: Joakim Tjernlund<joakim.tjernlund at transmode.se>
>
> This looks fishy in ospf_make_md5_digest()
> if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt)))
>      auth_key = (const u_int8_t *) "";
> ...
> MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
> auth_key points to a "" string of len 1 which is a lot
> smaller that OSPF_AUTH_MD5_SIZE. Is this intentional to
> get some random data or just a plain bug?
>
> Anyone using MD5 should have a closer look and decide
> what to do.
Hi David,

I agree to it. Would you please provide a signed-off so that I can
give an ack't?

Thanks and best regards,
Feng Lu




More information about the Quagga-dev mailing list