a00.de

www.a00.de
 > tcpgroup
 > 1991
 > msg00207

TCP-group 1991

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

latent bug in rip

To: tcp-group@ucsd.edu
Subject: latent bug in rip
From: karn@thumper.bellcore.com (Phil R. Karn)
Date: Wed, 20 Feb 91 18:56:11 EST

I just found and fixed a long-latent bug in RIP that caused crashes when
RIP default routes were received.

The problem is actually in iproute.c, in the function rt_blookup(),
which is used by rip to look up an entry in the routing table with
a specific number of significant bits. The problem was that when
the bits parameter is 0 (i.e., the default route is referenced) and
the default route was not set, a garbage pointer was returned.

The beginning of the function should now read

        if(bits == 0){
                if(R_default.iface != NULLIF)
                        return &R_default;
                else
                        return NULLROUTE;
        }
        /* Mask off target according to width */

What's funny about this is that the garbage pointer returned changed
recently when I changed the hash table modulus, so something else has
been getting clobbered all this time but it never seemed to cause
immediate problems...

Phil

Prev by Date: Re: collision avoidance
Next by Date: SMTP bug in NOS 910201
Previous by thread: new bug in iproute.c
Next by thread: SMTP bug in NOS 910201
Index(es):
- Date
- Thread

Document URL : http://www.a00.de/tcpgroup/1991/msg00207.php
Ralf D. Kloth, Ludwigsburg, DE (QRQ.software). < hostmaster at a00.de > [don't send spam]
Created 2004-12-21. Last modified 2004-12-21. Your visit 2024-11-24 01:31.26. Page created in 0.0176 sec.

[Go to the top of this page] [... to the index page]