[quagga-dev 4403] Re: Segfault in lib/smux.c

Andrew J. Schorr aschorr at telemetry-investments.com
Tue Sep 26 14:22:15 BST 2006


On Tue, Sep 26, 2006 at 12:38:28PM +0200, Pierre-Yves Ritschard wrote:
> >>
> >>>  /* Generic trap integer. */
> >>>  val = SNMP_TRAP_ENTERPRISESPECIFIC;
> >>>  ptr = asn_build_int (ptr, &len,
> >>>                    (u_char)(ASN_UNIVERSAL | ASN_PRIMITIVE |
> >>> ASN_INTEGER),
> >>>                    &val, sizeof (int));
> >>
> >
> > Ok I read the code in net-snmp and as it happens, asn_build_int checks the
> > fifth parameter against sizeof(long), so that's what made quagga segfault.
> > I'll submit a patch shortly

> The attached patch solves the problem with smux, I'm left with another
> segfault now, but I'll write a different email describing it.
> --- lib/smux.c.orig	Mon Oct  3 16:20:30 2005
> +++ lib/smux.c	Tue Sep 26 12:45:04 2006
> @@ -1032,19 +1032,19 @@
>    val = SNMP_TRAP_ENTERPRISESPECIFIC;
>    ptr = asn_build_int (ptr, &len, 
>  		       (u_char)(ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER),
> -		       &val, sizeof (int));
> +		       &val, sizeof (long));
>  
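Review bot: the replacement `sizeof (long)` at the `asn_build_int` call fixes today's mismatch but still hard-codes the library's internal width at the call site; `sizeof (val)` would track the declaration of the variable actually passed and cannot drift if either side changes. The hunk also leaves the return value of `asn_build_int` unchecked in the visible lines; since the size check surfaced as a segfault rather than a logged failure, a `NULL` check on `ptr` after the call would make any future mismatch fail loudly instead of crashing.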

Wouldn't the proper fix generally be to call asn_build_int as follows?

   ptr = asn_build_int (ptr, &len,
			(u_char)(ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER),
			&val, sizeof (val));

I think that's what the designers of the API had in mind to reduce
the chance for mistakes.  And that's the style used inside net-snmp.

This style was followed in the lib/smux.c:smux_getresp_send function,
but was sadly abandoned elsewhere...

Regards,
Andy
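To make the failure mode and the two fixes concrete, here is an added example that is not part of the thread, of quagga, or of net-snmp. `mock_asn_build_int` is a simplified stand-in written for this example that keeps only the behaviour under discussion (the fifth argument must equal `sizeof(long)` or the call returns `NULL`); the tag and trap constants are the standard BER/SNMP values, defined locally so the file builds on its own. It contrasts the original `sizeof (int)` call, the `sizeof (val)` call, and a caller that checks the return value so a size mismatch becomes an error rather than a crash.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Tag bits and trap code as named in the thread; the values are the standard
 * ones (INTEGER = universal, primitive, tag 2; enterpriseSpecific = 6). */
#define ASN_UNIVERSAL   0x00
#define ASN_PRIMITIVE   0x00
#define ASN_INTEGER     0x02
#define SNMP_TRAP_ENTERPRISESPECIFIC 6

/* Simplified stand-in for net-snmp's asn_build_int, written for this example.
 * It keeps only the behaviour the thread is about: intsize must equal
 * sizeof(long), otherwise the call fails and returns NULL. The real library
 * logs an error in that case; an unchecked caller then writes through NULL. */
static unsigned char *
mock_asn_build_int(unsigned char *data, size_t *datalength, unsigned char type,
                   const long *intp, size_t intsize)
{
    if (intsize != sizeof(long))
        return NULL;

    /* Minimal two's-complement BER content: drop leading bytes that carry no
     * information (0x00 before a byte with bit 7 clear, 0xFF before a byte
     * with bit 7 set), keeping at least one byte. */
    unsigned long v = (unsigned long)*intp;
    unsigned char tmp[sizeof(long)];
    for (size_t i = 0; i < sizeof(long); i++)
        tmp[i] = (unsigned char)(v >> (8 * (sizeof(long) - 1 - i)));
    size_t start = 0;
    while (start + 1 < sizeof(long) &&
           ((tmp[start] == 0x00 && !(tmp[start + 1] & 0x80)) ||
            (tmp[start] == 0xFF &&  (tmp[start + 1] & 0x80))))
        start++;
    size_t n = sizeof(long) - start;

    if (*datalength < 2 + n)
        return NULL;                        /* output buffer too small */
    data[0] = type;                         /* tag */
    data[1] = (unsigned char)n;             /* short-form length */
    memcpy(data + 2, tmp + start, n);       /* content octets */
    *datalength -= 2 + n;
    return data + 2 + n;
}

/* The call as it stood in smux.c before the patch: the length argument is
 * sizeof(int), which equals sizeof(long) only on ILP32/LLP64 hosts. On LP64
 * (e.g. Linux x86_64) the library rejects it and returns NULL. */
static unsigned char *
build_trap_int_original(unsigned char *buf, size_t *len)
{
    long val = SNMP_TRAP_ENTERPRISESPECIFIC;
    return mock_asn_build_int(buf, len,
                              (unsigned char)(ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER),
                              &val, sizeof (int));
}

/* Andy's suggestion: size the argument from the variable itself, so the
 * call cannot drift from the declaration of val on any host. */
static unsigned char *
build_trap_int_sizeof_val(unsigned char *buf, size_t *len)
{
    long val = SNMP_TRAP_ENTERPRISESPECIFIC;
    return mock_asn_build_int(buf, len,
                              (unsigned char)(ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER),
                              &val, sizeof (val));
}

/* What turned the library's error return into a crash was continuing to use
 * ptr without checking it. Returns bytes written, or -1 on encoding failure. */
static int
encode_trap_int_checked(unsigned char *buf, size_t buflen)
{
    size_t len = buflen;
    unsigned char *ptr = build_trap_int_sizeof_val(buf, &len);
    if (ptr == NULL)
        return -1;
    return (int)(ptr - buf);
}

/* Helpers reporting the outcome of each style of call on the current host. */
static int original_call_returns_null(void)
{
    unsigned char b[16]; size_t l = sizeof b;
    return build_trap_int_original(b, &l) == NULL;
}

/* 1 if the checked encoder produced the expected 3 bytes 02 01 06. */
static int checked_encoding_ok(void)
{
    unsigned char b[16];
    int n = encode_trap_int_checked(b, sizeof b);
    return n == 3 && b[0] == 0x02 && b[1] == 0x01 && b[2] == 0x06;
}

int main(void)
{
    printf("sizeof(int)=%zu sizeof(long)=%zu\n", sizeof(int), sizeof(long));
    printf("sizeof(int) call: %s\n",
           original_call_returns_null() ? "NULL (unchecked use would segfault)" : "ok");
    printf("sizeof(val) call with NULL check: %s\n",
           checked_encoding_ok() ? "ok, 3 bytes" : "failed");
    return 0;
}
```

On a 64-bit Linux build the first call returns `NULL` exactly as the thread describes, while on a 32-bit build both succeed, which is why the bug only shows up on some hosts; the `sizeof (val)` form and the `NULL` check are correct on both.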


