BUG 2723 - Topology spoofing via LLDP - hash check in topology-discovery 97/16697/6
author Jozef Gloncak <jgloncak@cisco.com>
Tue, 17 Mar 2015 13:35:57 +0000 (14:35 +0100)
committer Jozef Gloncak <jgloncak@cisco.com>
Wed, 27 May 2015 12:27:45 +0000 (14:27 +0200)
commit 27a4314a19491672dcb76c7300c3c4087ed1effa
tree f5fa53b62552583384d6ebbee613c2f9abb68e15
parent d65956758bfba2f8c60622fd64eb87c17137fe5d
BUG 2723 - Topology spoofing via LLDP - hash check in topology-discovery

Checking of CustomSec (TLV field in LLDP packet). Value of CustomSec from LLDP
packet has to be equal to hash value which is computed in
topology-lldp-discovery artifact. Hash value is obtained as MD5 value
calculated from concatenation of strings:
 - node connector ID
 - pseudo PID of running JAVA karaf

Method getValueForLLDPPacketIntegrityEnsuring() prepares an array of bytes
which will be used, after hashing, to check the integrity of LLDP packets,
ensuring that the LLDP packet wasn't modified. (extra authenticator;
CVE-2015-1611 CVE-2015-1612)

Change-Id: Ic8f50c88e7d8e3722d8d83a01ffa94a96bde313f
Signed-off-by: Jozef Gloncak <jgloncak@cisco.com>
(cherry picked from commit 67eed66d24b20d03645140d40b44d16ce53e1210)
applications/topology-lldp-discovery/src/main/java/org/opendaylight/openflowplugin/applications/topology/lldp/LLDPDiscoveryListener.java
applications/topology-lldp-discovery/src/main/java/org/opendaylight/openflowplugin/applications/topology/lldp/utils/LLDPDiscoveryUtils.java
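
The check the commit message describes, sketched as an added example (not code from this commit or from OpenDaylight). The class and method names, the UTF-8 encoding, the concatenation order and the sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added illustration of the CustomSec comparison; hypothetical names throughout.
public class CustomSecCheckExample {

    // MD5 over the concatenation of node connector ID and pseudo PID.
    // Assumption: connector ID first, then PID, both encoded as UTF-8.
    static byte[] expectedCustomSec(String nodeConnectorId, String pseudoPid)
            throws NoSuchAlgorithmException {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update(nodeConnectorId.getBytes(StandardCharsets.UTF_8));
        md5.update(pseudoPid.getBytes(StandardCharsets.UTF_8));
        return md5.digest();
    }

    // True only when the CustomSec TLV value taken from the received LLDP
    // packet equals the hash computed locally for that node connector.
    static boolean customSecMatches(byte[] receivedCustomSec, String nodeConnectorId,
            String pseudoPid) throws NoSuchAlgorithmException {
        if (receivedCustomSec == null) {
            return false; // no CustomSec TLV in the packet: do not trust it
        }
        byte[] expected = expectedCustomSec(nodeConnectorId, pseudoPid);
        // MessageDigest.isEqual does not stop at the first differing byte on
        // current JDKs, so the comparison does not leak where the mismatch is.
        return MessageDigest.isEqual(expected, receivedCustomSec);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values, not taken from the page.
        String connector = "openflow:1:2";
        String pid = "12345@controller-host";

        byte[] genuine = expectedCustomSec(connector, pid);
        byte[] wrongPort = expectedCustomSec("openflow:1:3", pid);
        byte[] wrongPid = expectedCustomSec(connector, "99999@other-host");

        System.out.println("genuine value:      " + customSecMatches(genuine, connector, pid));
        System.out.println("other connector:    " + customSecMatches(wrongPort, connector, pid));
        System.out.println("other process PID:  " + customSecMatches(wrongPid, connector, pid));
        System.out.println("TLV missing:        " + customSecMatches(null, connector, pid));
    }
}
```

Both hash inputs stay fixed while the controller process runs, so the expected value for a given node connector only changes when the process restarts.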