From 4f36b3d9aef397767a8da30dc658b776e768295c Mon Sep 17 00:00:00 2001 From: Ben Greear Date: Fri, 25 Feb 2011 22:19:02 -0800 Subject: [PATCH] html: Update html slightly, add script to upload. Uploads html and supporting files to: http://www.candelatech.com/xorp.ct/ Signed-off-by: Ben Greear --- www/advisories/XORP_SA_06:01.ospf.txt | 98 ------------------- www/html_src/advisories.html | 11 +-- www/html_src/index.html | 7 +- www/html_src/porting.html | 10 +- .../SA-06-01/xorp_sa_06:01.ospf_1.2.patch | 86 ---------------- .../SA-06-01/xorp_sa_06:01.ospf_1.3.patch | 86 ---------------- www/scripts/XorpOrgGenerator.py | 2 +- xorp/RELEASE_NOTES | 5 +- 8 files changed, 16 insertions(+), 289 deletions(-) delete mode 100644 www/advisories/XORP_SA_06:01.ospf.txt delete mode 100644 www/patches/SA-06-01/xorp_sa_06:01.ospf_1.2.patch delete mode 100644 www/patches/SA-06-01/xorp_sa_06:01.ospf_1.3.patch diff --git a/www/advisories/XORP_SA_06:01.ospf.txt b/www/advisories/XORP_SA_06:01.ospf.txt deleted file mode 100644 index 0ee30d09f..000000000 --- a/www/advisories/XORP_SA_06:01.ospf.txt +++ /dev/null 
@@ -1,98 +0,0 @@ -============================================================================= -XORP_SA_06:01.ospf Security Advisory - The XORP Project - - -Topic: An LSA with invalid length will crash OSPFv2 - -Module: OSPF -Announced: 2006-10-17 -Credits: http://www.musecurity.com/ -Affects: XORP 1.2 and XORP 1.3 Releases -Corrected: 2006-10-16 06:50:04 UTC (Release 1.4-WIP) - -I. Background - -OSPFv2 is a link-state routing protocol defined in RFC 2328, -implemented by the XORP project. - -II. Problem Description - -The OSPF protocol carries link state information in Link State -Advertisements (LSAs). One or more LSAs can be carried in a Link State -Update Packet. Each LSA has its own length field and checksum amongst -other fields. - -One of the first checks made when processing an LSA is to verify the -checksum. The checksum verification routine takes into account the -LSA length field. If the length field has certain invalid values, then -OSPF might crash. - -III. Impact - -An attacker sending specially crafted packets with certain invalid LSA -length value will be able to terminate the XORP OSPF process. - -It should be noted that the attacker does not need to be on the same -network segment as the XORP router. - -IV. Workaround - -One possible workaround is to filter all external IP packets with protocol -number 89 (OSPF) at the border router. - -V. Solution - -Apply the relevant patch to your XORP system and restart OSPF. - -1) To patch your present system: - -[XORP 1.2] -# wget http://www.xorp.org/patches/SA-06:01/xorp_sa_06:01.ospf_1.2.patch - -[XORP 1.3] -# wget http://www.xorp.org/patches/SA-06:01/xorp_sa_06:01.ospf_1.3.patch - -2) Execute the following commands (only the last one has to be as root): - -# cd xorp -# patch -p0 < /path/to/patch -# gmake -# cd ospf -# gmake install - -3) Restart OSPFv2 - -a) Save the current configuration to a file. 
- -# xorpsh -Xorp> configure -XORP# save /tmp/xorp.boot - -b) Delete ospf4 from the configuration and commit. OSPFv2 should no -longer be running. - -XORP# delete protocols ospf4 -XORP# commit - -c) Reload the saved configuration, which will restart OSPFv2 -XORP# load /tmp/xorp.boot - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in XORP. - -Branch Revision - Path -------------------------------------------------------------------------- -HEAD - xorp/ospf/lsa.cc 1.72 -------------------------------------------------------------------------- - -VII. References - -The latest revision of this advisory is available at: -http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt - -============================================================================= diff --git a/www/html_src/advisories.html b/www/html_src/advisories.html index 0bb439ed2..50fb33e2c 100644 --- a/www/html_src/advisories.html +++ b/www/html_src/advisories.html @@ -8,15 +8,8 @@

Security Advisories

Advisory Description - - -2006-10-17 - -XORP_SA_06:01.ospf - -An LSA with invalid length will crash OSPFv2 - - + +No known issues with latest code... diff --git a/www/html_src/index.html b/www/html_src/index.html index a24aae87b..e1fbbee71 100644 --- a/www/html_src/index.html +++ b/www/html_src/index.html @@ -49,7 +49,10 @@

Message to the Community

  • OLSR: Enable building OLSR, support binding to a specific interface.
  • -
  • Support building IPv6 multicast support on Linux. Haven't tested functionality yet.
  • +
  • Support building IPv6 multicast support on Linux.
  • + +
  • Re-enable Microsoft Windows support. IPv6 looks questionable, + but it's likely IPv4 works good enough.
  • A more detailed change list list is in Release Notes available at releases/1.8-CT/docs/RELEASE_NOTES @@ -66,7 +69,7 @@

    Message to the Community

    --The XORP.CT Team
    -June 1, 2009 +February 25, 2011

    diff --git a/www/html_src/porting.html b/www/html_src/porting.html index 6d0cf9a4f..0683c5d61 100644 --- a/www/html_src/porting.html +++ b/www/html_src/porting.html @@ -2,9 +2,8 @@

    Porting Guide

    XORP is a large application, but it is intended to be portable. We've tried as far as possible to keep the C++ code close to revision -3 of the C++ standard (ISO14882). The only compilers tested to date -have been different versions of GNU g++. The code compiles on all -versions we've tested from 2.95 upwards. +3 of the C++ standard (ISO14882). Compilers tested to date +have been different versions of GNU g++, mingw, and clang.

    A design goal for XORP is placing all system dependencies in the @@ -16,10 +15,9 @@

    Porting Guide

    Before work on porting the FEA can begin, it will almost certainly be -necessary to change the autoconf and automake files to support the new +necessary to change the scons allconfig.py script to support the new platform and to make compilation fixes for any differences for the new platform that are not already covered. It would be preferable for these changes be orthogonal to existing platforms so the changes can -be integrated into the source tree with minimal work (assuming the -porter wants to contribute the changes back. +be integrated into the source tree with minimal work. diff --git a/www/patches/SA-06-01/xorp_sa_06:01.ospf_1.2.patch b/www/patches/SA-06-01/xorp_sa_06:01.ospf_1.2.patch deleted file mode 100644 index a2390e90f..000000000 --- a/www/patches/SA-06-01/xorp_sa_06:01.ospf_1.2.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -Index: ospf/lsa.cc -=================================================================== -RCS file: /cvs/xorp/ospf/lsa.cc,v -retrieving revision 1.67 -diff -u -p -r1.67 lsa.cc ---- ospf/lsa.cc 3 Mar 2006 21:31:40 -0000 1.67 -+++ ospf/lsa.cc 16 Oct 2006 23:23:37 -0000 -@@ -123,13 +123,15 @@ put_ipv6_net(IPNet& v6net, uint8_t - } - - /** -- * Get the length of this LSA and make sure that its less than the -- * provided buffer. Otherwise throw an exception. Don't modify the -- * value if its greater than the buffer. -+ * Get the length of this LSA and verify that the length is smaller -+ * than the buffer and large enough to be a valid LSA. Otherwise throw -+ * an exception. Don't modify the value if its greater than the -+ * buffer. - */ - inline - size_t --get_lsa_len_from_header(const char *caller, uint8_t *buf, size_t len) -+get_lsa_len_from_header(const char *caller, uint8_t *buf, size_t len, -+ size_t min_len) - throw(BadPacket) - { - size_t tlen = Lsa_header::get_lsa_len_from_buffer(buf); -@@ -139,6 +141,13 @@ get_lsa_len_from_header(const char *call - caller, - XORP_UINT_CAST(tlen), - XORP_UINT_CAST(len))); -+ } else if(tlen < min_len) { -+ xorp_throw(BadPacket, -+ c_format("%s header len %u smaller than minimum LSA " -+ "of this type %u", -+ caller, -+ XORP_UINT_CAST(tlen), -+ XORP_UINT_CAST(min_len))); - } else { - len = tlen; - } -@@ -681,7 +690,7 @@ RouterLsa::decode(uint8_t *buf, size_t& - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. -- len = get_lsa_len_from_header("Router-LSA", buf, len); -+ len = get_lsa_len_from_header("Router-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) -@@ -877,7 +886,7 @@ NetworkLsa::decode(uint8_t *buf, size_t& - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. 
-- len = get_lsa_len_from_header("Network-LSA", buf, len); -+ len = get_lsa_len_from_header("Network-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) -@@ -1034,7 +1043,7 @@ SummaryNetworkLsa::decode(uint8_t *buf, - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. -- len = get_lsa_len_from_header("Summary-LSA", buf, len); -+ len = get_lsa_len_from_header("Summary-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) -@@ -1175,7 +1184,7 @@ SummaryRouterLsa::decode(uint8_t *buf, s - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. -- len = get_lsa_len_from_header("Summary-LSA", buf, len); -+ len = get_lsa_len_from_header("Summary-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) -@@ -1310,7 +1319,7 @@ ASExternalLsa::decode(uint8_t *buf, size - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. -- len = get_lsa_len_from_header("AS-External-LSA", buf, len); -+ len = get_lsa_len_from_header("AS-External-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) diff --git a/www/patches/SA-06-01/xorp_sa_06:01.ospf_1.3.patch b/www/patches/SA-06-01/xorp_sa_06:01.ospf_1.3.patch deleted file mode 100644 index 00f0a2ab9..000000000 --- a/www/patches/SA-06-01/xorp_sa_06:01.ospf_1.3.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -Index: ospf/lsa.cc -=================================================================== -RCS file: /cvs/xorp/ospf/lsa.cc,v -retrieving revision 1.70 -diff -u -p -r1.70 lsa.cc ---- ospf/lsa.cc 28 Mar 2006 03:06:53 -0000 1.70 -+++ ospf/lsa.cc 16 Oct 2006 21:24:18 -0000 -@@ -123,13 +123,15 @@ put_ipv6_net(IPNet& v6net, uint8_t - } - - /** -- * Get the length of this LSA and make sure that its less than the -- * provided buffer. Otherwise throw an exception. Don't modify the -- * value if its greater than the buffer. -+ * Get the length of this LSA and verify that the length is smaller -+ * than the buffer and large enough to be a valid LSA. Otherwise throw -+ * an exception. Don't modify the value if its greater than the -+ * buffer. - */ - inline - size_t --get_lsa_len_from_header(const char *caller, uint8_t *buf, size_t len) -+get_lsa_len_from_header(const char *caller, uint8_t *buf, size_t len, -+ size_t min_len) - throw(BadPacket) - { - size_t tlen = Lsa_header::get_lsa_len_from_buffer(buf); -@@ -139,6 +141,13 @@ get_lsa_len_from_header(const char *call - caller, - XORP_UINT_CAST(tlen), - XORP_UINT_CAST(len))); -+ } else if(tlen < min_len) { -+ xorp_throw(BadPacket, -+ c_format("%s header len %u smaller than minimum LSA " -+ "of this type %u", -+ caller, -+ XORP_UINT_CAST(tlen), -+ XORP_UINT_CAST(min_len))); - } else { - len = tlen; - } -@@ -681,7 +690,7 @@ RouterLsa::decode(uint8_t *buf, size_t& - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. -- len = get_lsa_len_from_header("Router-LSA", buf, len); -+ len = get_lsa_len_from_header("Router-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) -@@ -877,7 +886,7 @@ NetworkLsa::decode(uint8_t *buf, size_t& - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. 
-- len = get_lsa_len_from_header("Network-LSA", buf, len); -+ len = get_lsa_len_from_header("Network-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) -@@ -1034,7 +1043,7 @@ SummaryNetworkLsa::decode(uint8_t *buf, - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. -- len = get_lsa_len_from_header("Summary-LSA", buf, len); -+ len = get_lsa_len_from_header("Summary-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) -@@ -1175,7 +1184,7 @@ SummaryRouterLsa::decode(uint8_t *buf, s - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. -- len = get_lsa_len_from_header("Summary-LSA", buf, len); -+ len = get_lsa_len_from_header("Summary-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) -@@ -1310,7 +1319,7 @@ ASExternalLsa::decode(uint8_t *buf, size - XORP_UINT_CAST(required))); - - // This guy throws an exception of there is a problem. -- len = get_lsa_len_from_header("AS-External-LSA", buf, len); -+ len = get_lsa_len_from_header("AS-External-LSA", buf, len, required); - - // Verify the checksum. - if (!verify_checksum(buf + 2, len - 2, 16 - 2)) diff --git a/www/scripts/XorpOrgGenerator.py b/www/scripts/XorpOrgGenerator.py index 3f436fb62..ea57f296d 100755 --- a/www/scripts/XorpOrgGenerator.py +++ b/www/scripts/XorpOrgGenerator.py @@ -134,7 +134,7 @@ def write_google_tracker(): def write_footer(): open_div("footer") - print """© 2008-2010 XORP, Inc, © 2010 Others. All Rights Reserved""" + print """© 2008-2010 XORP, Inc, © 2010-2011 Others. All Rights Reserved""" close_div("footer") def write_header(filename, headextras = []): diff --git a/xorp/RELEASE_NOTES b/xorp/RELEASE_NOTES index 5df20978a..411882dbe 100644 --- a/xorp/RELEASE_NOTES +++ b/xorp/RELEASE_NOTES 
@@ -3,7 +3,10 @@ This file contains XORP release notes (most recent releases first). -Release 1.9-CT (Work in Progress) +Release 1.8.3-CT (Work in Progress) + + * Re-add support for XORP on Microsoft Windows. Add instructions + to BUILD_NOTES for cross-compiling with mingw. * Add more options for disabling compile of certain modules. See: scons --help
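Review bot: Deleting www/advisories/XORP_SA_06:01.ospf.txt is not mentioned in the commit message, which describes only an HTML update and an upload script, and the diffstat lists no new script among the 8 changed files. The advisory states that it affects XORP 1.2 and 1.3 and documents the workaround (filtering IP protocol 89 at the border router), so anyone still on those releases loses that guidance. Consider keeping the file as a historical record, or state the removal and its reason in the commit message and split it from the HTML edits.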
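Review bot: In www/html_src/advisories.html, replacing the 2006-10-17 row with "No known issues with latest code..." leaves the page with no advisory history at all. Suggest keeping the XORP_SA_06:01.ospf row, marked as corrected in Release 1.4-WIP as the advisory itself says, and putting the "no known issues" sentence below the table so the page covers both past advisories and the state of the current code.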
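Review bot: The two deleted files under www/patches/SA-06-01/ are the fixes the advisory points XORP 1.2 and 1.3 users to (the added tlen < min_len check in get_lsa_len_from_header), and they are removed together with the advisory that linked them. If they are kept after all, note that the advisory's wget URLs use the directory SA-06:01 while the tree path is SA-06-01, so the links and the directory name should be made to agree.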
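Review bot: In www/html_src/index.html the IPv6 multicast item drops "Haven't tested functionality yet." and nothing in this commit indicates that the testing was done; keep the caveat unless it has been. In the new Windows item, "works good enough" should read "works well enough", and the context line "change list list" has a doubled word worth fixing while the file is open.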
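Review bot: In www/html_src/porting.html the rewritten compiler sentence removes "from 2.95 upwards" without a replacement, so the page no longer states a minimum compiler version; add the oldest versions of g++, mingw and clang actually tested. The unchanged sentence "It would be preferable for these changes be orthogonal" is also missing "to" before "be".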
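Review bot: In xorp/RELEASE_NOTES the heading changes from "Release 1.9-CT" to "Release 1.8.3-CT" with no explanation in the commit message; say why the work-in-progress release was renumbered. The new entry also refers to mingw cross-compile instructions in BUILD_NOTES, which is not among the files in this diff, so confirm that file already contains them.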