[quagga-dev 4403] Re: Segfault in lib/smux.c
Andrew J. Schorr
aschorr at telemetry-investments.com
Tue Sep 26 14:22:15 BST 2006
On Tue, Sep 26, 2006 at 12:38:28PM +0200, Pierre-Yves Ritschard wrote:
> >>> /* Generic trap integer. */
> >>> val = SNMP_TRAP_ENTERPRISESPECIFIC;
> >>> ptr = asn_build_int (ptr, &len,
> >>> (u_char)(ASN_UNIVERSAL | ASN_PRIMITIVE |
> >>> ASN_INTEGER),
> >>> &val, sizeof (int));
> > OK, I read the code in net-snmp and, as it happens, asn_build_int checks the
> > fifth parameter against sizeof(long), so that's what made quagga segfault.
> > I'll submit a patch shortly.
> The attached patch solves the problem with smux, I'm left with another
> segfault now, but I'll write a different email describing it.
> --- lib/smux.c.orig Mon Oct 3 16:20:30 2005
> +++ lib/smux.c Tue Sep 26 12:45:04 2006
> @@ -1032,19 +1032,19 @@
> val = SNMP_TRAP_ENTERPRISESPECIFIC;
> ptr = asn_build_int (ptr, &len,
> (u_char)(ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER),
> - &val, sizeof (int));
> + &val, sizeof (long));
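Review bot: `sizeof (long)` on the `+` line hard-codes the size net-snmp's asn_build_int happens to require rather than the size of the object actually being passed, so the call is only correct as long as `val` is declared `long` (its declaration is not in this hunk; if it is still an `int`, the builder now reads sizeof (long) bytes out of an int). Suggest `&val, sizeof (val)`, as lib/smux.c:smux_getresp_send already does, and confirming `val` is a `long`. The assignment `ptr = asn_build_int (...)` is also still unchecked; since the size mismatch is what made the call fail and the segfault followed from that, a NULL test on `ptr` here would turn any future mismatch into an error return instead of a crash.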
Wouldn't the proper fix generally be to call asn_build_int as follows?
ptr = asn_build_int (ptr, &len,
(u_char)(ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER),
&val, sizeof (val));
I think that's what the designers of the API had in mind to reduce
the chance for mistakes. And that's the style used inside net-snmp.
This style was followed in the lib/smux.c:smux_getresp_send function,
but was sadly abandoned elsewhere...
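As an added example (not code from Quagga or net-snmp), the snippet below replays the three size arguments discussed in this thread against a stand-in for asn_build_int. mock_asn_build_int is my own simplified version of that function: it keeps the one property that matters here, that an intsize other than sizeof(long) makes it return NULL, and encodes the value as a shortest-form BER INTEGER. The tag and trap constants are assumed to carry net-snmp's values; build_int_tlv and encode_generic_trap are helper names I chose. The caller side shows the form suggested above, sizeof (val), and checks the returned pointer instead of chaining into the next build, which is what turned the failed call into a segfault in smux_trap.

```c
/*
 * Added example, not code from Quagga or net-snmp. mock_asn_build_int()
 * is a stand-in that keeps the property the thread turns on: net-snmp's
 * asn_build_int() rejects any intsize other than sizeof(long) and returns
 * NULL. build_int_tlv() shows the caller side: pass sizeof(val), and
 * check the returned pointer instead of chaining into the next build.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Tag and trap values assumed to match net-snmp's asn1.h / snmp.h. */
#define ASN_UNIVERSAL 0x00
#define ASN_PRIMITIVE 0x00
#define ASN_INTEGER   0x02
#define SNMP_TRAP_ENTERPRISESPECIFIC 6

/* Stand-in for asn_build_int(): same parameters, same size check, and a
 * minimal two's-complement BER INTEGER encoding of *intp. Returns a
 * pointer just past the encoded TLV, or NULL on any failure. */
static unsigned char *
mock_asn_build_int(unsigned char *data, size_t *datalength, unsigned char type,
                   const long *intp, size_t intsize)
{
    if (intsize != sizeof(long))
        return NULL;                 /* the check Quagga's sizeof (int) tripped */

    unsigned long u = (unsigned long)*intp;
    size_t intlen = sizeof(long);
    /* Drop redundant leading sign bytes: BER requires the shortest form. */
    while (intlen > 1) {
        unsigned char hi   = (unsigned char)(u >> (8 * (intlen - 1)));
        unsigned char next = (unsigned char)(u >> (8 * (intlen - 2)));
        if ((hi == 0x00 && !(next & 0x80)) || (hi == 0xFF && (next & 0x80)))
            intlen--;
        else
            break;
    }
    if (*datalength < 2 + intlen)
        return NULL;                 /* not enough room for tag, length, value */

    *data++ = type;
    *data++ = (unsigned char)intlen; /* short-form length (intlen <= 8) */
    for (size_t i = intlen; i > 0; i--)
        *data++ = (unsigned char)(u >> (8 * (i - 1)));
    *datalength -= 2 + intlen;
    return data;
}

/* Encode one INTEGER the way smux_trap() does, with the size argument left
 * to the caller so the variants from the thread can be compared. Returns
 * the encoded length, or 0 when the builder failed; the unpatched smux.c
 * would instead have carried the NULL into the next asn_build_* call. */
static size_t
build_int_tlv(unsigned char *buf, size_t buflen, long value, size_t intsize)
{
    long val = value;
    size_t len = buflen;
    unsigned char *ptr = mock_asn_build_int(
        buf, &len, (unsigned char)(ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER),
        &val, intsize);
    if (ptr == NULL)
        return 0;                    /* check it; never chain on a NULL ptr */
    return (size_t)(ptr - buf);
}

/* The generic-trap integer from smux_trap(), encoded into a shared buffer
 * with a chosen size argument; returns the encoded length (0 on failure). */
static unsigned char trap_buf[16];

static size_t
encode_generic_trap(size_t intsize)
{
    memset(trap_buf, 0, sizeof trap_buf);
    return build_int_tlv(trap_buf, sizeof trap_buf,
                         SNMP_TRAP_ENTERPRISESPECIFIC, intsize);
}

int
main(void)
{
    long val = SNMP_TRAP_ENTERPRISESPECIFIC;
    struct { const char *name; size_t size; } tries[] = {
        { "sizeof (int)",  sizeof(int)  },   /* unpatched smux.c */
        { "sizeof (long)", sizeof(long) },   /* the posted patch */
        { "sizeof (val)",  sizeof(val)  },   /* the form suggested above */
    };
    for (size_t t = 0; t < 3; t++) {
        size_t n = encode_generic_trap(tries[t].size);
        printf("%-14s -> ", tries[t].name);
        if (n == 0) {
            printf("asn_build_int returned NULL\n");
            continue;
        }
        for (size_t i = 0; i < n; i++)
            printf("%02x ", trap_buf[i]);
        printf("\n");
    }
    return 0;
}
```

On an LP64 build the first line prints the NULL return and the other two print `02 01 06`; on an ILP32 build, where sizeof(int) equals sizeof(long), all three succeed, which is why the sizeof (int) call could survive unnoticed until the code met a 64-bit long. sizeof (val) gives the right answer in both cases and keeps giving it if val's type is ever changed.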