https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254924

            Bug ID: 254924
           Summary: stp does not validate timer values in config BPDU
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: b...@freebsd.org
          Reporter: jcap...@blackberry.com

Created attachment 223952
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=223952&action=edit
proposed patch

Overview
--------

IEEE Std 802.1D-2004 Section 17.14 defines permitted ranges for timers.
Incoming BPDU messages should be checked against the permitted ranges. The rest
of 17.14 appears to be enforced already.

Steps to Reproduce
------------------

Send an invalid config with scapy (maxage > 40, fwddelay > 30):

>>> stp = Ether(src="00:0c:29:0b:91:0a",dst="01:80:C2:00:00:00")/LLC()/STP(proto=0,rootid=32768,rootmac="00:0c:29:01:01:01",bridgeid=32768,bridgemac="00:0c:29:01:01:01",portid=0x8007,maxage=50,hellotime=2,fwddelay=40)

>>> sendp(stp,inter=1./1,iface="em1",loop=1)

Actual Results
--------------
tcpdump shows configuration is accepted and forwarded by other ports:

tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
17:35:34.930786 STP 802.1d, Config, Flags [none], bridge-id 8000.00:0c:29:c8:34:91.8002, length 43
        message-age 2.00s, max-age 50.00s, hello-time 2.00s, forwarding-delay 40.00s


Expected Results
----------------
The invalid config is discarded
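
A sketch of the receive-side range check the report asks for, added here as an illustration; it is not the attached patch and not FreeBSD code. The function names are hypothetical, the 40 s and 30 s upper bounds come from the report, and the lower bounds and the 1-2 s hello-time range are assumed from Table 17-1 of IEEE Std 802.1D-2004.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Config BPDU layout (35 bytes); timers are big-endian, in 1/256 s units. */
#define BPDU_CFG_LEN  35
#define OFF_MAX_AGE   29
#define OFF_HELLO     31
#define OFF_FWD_DELAY 33
#define SECS(n)       ((uint16_t)((n) * 256))

enum bpdu_verdict { BPDU_OK, BPDU_SHORT, BPDU_BAD_MAX_AGE,
                    BPDU_BAD_HELLO, BPDU_BAD_FWD_DELAY };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int in_range(uint16_t v, uint16_t lo, uint16_t hi) { return v >= lo && v <= hi; }

/* Hypothetical helper (not a FreeBSD function): range-check received timers.
 * Upper bounds 40 s / 30 s are from the report; the lower bounds and the
 * 1-2 s hello range are assumed from Table 17-1 of 802.1D-2004. */
enum bpdu_verdict bpdu_check_timers(const uint8_t *bpdu, size_t len)
{
    if (len < BPDU_CFG_LEN)
        return BPDU_SHORT;          /* never read past a truncated frame */
    if (!in_range(be16(bpdu + OFF_MAX_AGE), SECS(6), SECS(40)))
        return BPDU_BAD_MAX_AGE;
    if (!in_range(be16(bpdu + OFF_HELLO), SECS(1), SECS(2)))
        return BPDU_BAD_HELLO;
    if (!in_range(be16(bpdu + OFF_FWD_DELAY), SECS(4), SECS(30)))
        return BPDU_BAD_FWD_DELAY;
    return BPDU_OK;
}

/* Constructed sample: a config BPDU with only the timer fields filled in. */
enum bpdu_verdict bpdu_check_sample(unsigned max_age, unsigned hello, unsigned fwd)
{
    uint8_t b[BPDU_CFG_LEN];
    const unsigned t[3] = { max_age * 256, hello * 256, fwd * 256 };
    memset(b, 0, sizeof(b));
    for (int i = 0; i < 3; i++) {   /* the three timers sit back to back */
        b[OFF_MAX_AGE + 2 * i] = (uint8_t)(t[i] >> 8);
        b[OFF_MAX_AGE + 2 * i + 1] = (uint8_t)(t[i] & 0xff);
    }
    return bpdu_check_timers(b, sizeof(b));
}

int main(void)
{
    printf("timers from the report: verdict %d\n", bpdu_check_sample(50, 2, 40));
    return 0;
}
```

A bridge that applies a check like this before updating its port timers discards the BPDU instead of adopting and relaying the out-of-range values.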
