Date: Fri, 09 Apr 2021 17:24:03 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 254924] stp does not validate timer values in config BPDU Message-ID: <bug-254924-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254924 Bug ID: 254924 Summary: stp does not validate timer values in config BPDU Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: jcaplan@blackberry.com Created attachment 223952 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D223952&action= =3Dedit proposed patch Overview -------- IEEE Std 802.1D-2004 Section 17.14 defines permitted ranges for timers. Incoming BPDU messages should be checked against the permitted ranges. The = rest of 17.14 appears to be enforced already. Steps to Reproduce ------------------ Send an invalid config with scapy (maxage > 40, fwddelay > 30): >>stp =3D Ether(src=3D"00:0c:29:0b:91:0a",dst=3D"01:80:C2:00:00:00")/LLC()/= STP(proto=3D0,rootid=3D32768,rootmac=3D"00:0c:29:01:01:01",bridgeid=3D32768= ,bridgemac=3D"00:0c:29:01:01:01",portid=3D0x8007,maxage=3D50,hellotime=3D2,= fwddelay=3D40) >>sendp(stp,inter=3D1./1,iface=3D"em1",loop=3D1) Actual Results -------------- tcpdump shows configuration is accepted and forwarded by other ports: tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes 17:35:34.930786 STP 802.1d, Config, Flags [none], bridge-id 8000.00:0c:29:c8:34:91.8002, length 43 message-age 2.00s, max-age 50.00s, hello-time 2.00s, forwarding-delay 40.00s Expected Results ---------------- The invalid config is discarded --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-254924-227>