untrusted comment: verify with openbsd-66-base.pub

untrusted comment: verify with openbsd-66-base.pub
RWSvK/c+cFe24Jx7MloiJDF+ZEh1syk0eQbq+smrbfCSAlgRMDaV4daGMy7C9KwlylkV0/5WWb1qXW/pew21yAeegC+djx40JQ4=

OpenBSD 6.6 errata 026, May 10, 2020:

ospfd could generate corrupt OSPF Router (Type 1) LSAs in certain situations.

Apply by doing:
signify -Vep /etc/signify/openbsd-66-base.pub -x 026_ospfd_lsa.patch.sig \
-m - | (cd /usr/src && patch -p0)

And then rebuild and install ospfd:
cd /usr/src/usr.sbin/ospfd
make obj
make clean
make
make install

Index: usr.sbin/ospfd/lsupdate.c
===================================================================
RCS file: /cvs/src/usr.sbin/ospfd/lsupdate.c,v
retrieving revision 1.46
diff -u -p -r1.46 lsupdate.c
--- usr.sbin/ospfd/lsupdate.c 15 Jul 2019 18:26:39 -0000 1.46
+++ usr.sbin/ospfd/lsupdate.c 6 May 2020 20:10:02 -0000
@@ -175,8 +175,8 @@ int
add_ls_update(struct ibuf *buf, struct iface *iface, void *data, u_int16_t len,
u_int16_t older)
{
- void *lsage;
- u_int16_t age;
+ size_t ageoff;
+ u_int16_t age;

if ((size_t)iface->mtu < sizeof(struct ip) + sizeof(struct ospf_hdr) +
sizeof(u_int32_t) + ibuf_size(buf) + len + MD5_DIGEST_LENGTH) {
@@ -186,7 +186,7 @@ add_ls_update(struct ibuf *buf, struct i
return (0);
}

- lsage = ibuf_reserve(buf, 0);
+ ageoff = ibuf_size(buf);
if (ibuf_add(buf, data, len)) {
log_warn("add_ls_update");
return (0);
@@ -198,7 +198,7 @@ add_ls_update(struct ibuf *buf, struct i
if ((age += older + iface->transmit_delay) >= MAX_AGE)
age = MAX_AGE;
age = htons(age);
- memcpy(lsage, &age, sizeof(age));
+ memcpy(ibuf_seek(buf, ageoff, sizeof(age)), &age, sizeof(age));

return (1);
}