[quagga-dev 4400] Segfault in lib/smux.c
pierre-yves at spootnik.org
Tue Sep 26 09:11:48 BST 2006
We are using quagga-0.99.5 on amd64 linux boxes.
When trying to bind quagga to snmpd through the smux peer configuration
option we ran into a segfault in ospfd.
The ospfd log says:
OSPF: Received signal 11 at 1159201300 (si_addr 0x0); aborting...
Using additional zlogs I tracked it down to the smux_trap call in
ospf_snmp.c at line 2578 in ospfTrapNbrStateChange().
> smux_trap (ospf_oid, sizeof ospf_oid / sizeof (oid),
> index, IN_ADDR_SIZE + 1,
> sizeof ospfNbrTrapList / sizeof (struct trap_object),
> time (NULL), NBRSTATECHANGE);
Now in smux_trap(), I found a call to asn_build_sequence with a NULL
pointer, which is the cause of the crash in smux.c at line 1051.
> ptr = asn_build_sequence (ptr, &len,
> (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
I'm trying to see why a NULL pointer is passed here, but thought this
might be precise enough so you guys could see what is going on too.
If you have any idea for a fix, we'd be grateful.
Some more detail:
The ptr pointer (which is a pointer to the asn buffer) becomes NULL:
> /* Generic trap integer. */
> val = SNMP_TRAP_ENTERPRISESPECIFIC;
> ptr = asn_build_int (ptr, &len,
> (u_char)(ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER),
> &val, sizeof (int));
It looks like it is related to the size of ints snmp wise and system
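The chain of calls quoted in this report follows the net-snmp asn_build_* convention: each builder returns a pointer just past what it encoded, or NULL on error, and the next builder is handed that pointer unchecked. The following is an added illustration (not Quagga or net-snmp code) using a small imitation of that interface; it assumes, as net-snmp does, that the integer builder rejects any size other than sizeof(long), which is what makes a `sizeof (int)` argument fail on an LP64 amd64 box, and it shows the return-value check that keeps the sequence builder from ever seeing a NULL buffer.

```c
/* Added example: a minimal imitation of the net-snmp asn_build_* calling
 * convention (return pointer past encoded data, or NULL on error; *len is
 * the remaining buffer space). Assumption: the real asn_build_int refuses
 * intsize != sizeof(long) and returns NULL, as net-snmp does. */
#include <stddef.h>
#include <string.h>

/* Encode one integer TLV. Returns NULL on bad size or short buffer. */
static unsigned char *demo_build_int(unsigned char *data, size_t *len,
                                     unsigned char type, const long *val,
                                     size_t intsize)
{
    if (data == NULL || intsize != sizeof(long) || *len < 2 + sizeof(long))
        return NULL;                   /* the caller must check for this */
    data[0] = type;
    data[1] = (unsigned char) sizeof(long);
    memcpy(data + 2, val, sizeof(long));
    *len -= 2 + sizeof(long);
    return data + 2 + sizeof(long);
}

/* Open a SEQUENCE header. Like the real builder it dereferences data,
 * so handing it a NULL pointer is a guaranteed SIGSEGV. */
static unsigned char *demo_build_sequence(unsigned char *data, size_t *len,
                                          unsigned char type, size_t body)
{
    if (data == NULL || *len < 2 || body > 127)
        return NULL;
    data[0] = type;
    data[1] = (unsigned char) body;
    *len -= 2;
    return data + 2;
}

/* Mirrors the smux_trap() sequence from the report: generic-trap integer,
 * then the varbind SEQUENCE. Returns bytes encoded, -1 if the integer
 * builder failed (e.g. intsize == sizeof(int) on LP64), -2 if the
 * sequence builder failed. Hardened: stops at the first NULL. */
int demo_build_trap(size_t intsize)
{
    unsigned char buf[64];
    unsigned char *ptr = buf;
    size_t len = sizeof buf;
    long val = 6;                      /* SNMP_TRAP_ENTERPRISESPECIFIC */

    ptr = demo_build_int(ptr, &len, 0x02, &val, intsize);
    if (ptr == NULL)
        return -1;                     /* do not pass NULL on to the next call */
    ptr = demo_build_sequence(ptr, &len, 0x30, 0);
    if (ptr == NULL)
        return -2;
    return (int) (ptr - buf);
}
```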