[quagga-dev 4411] more 64 bit issues in smux

Pierre-Yves Ritschard pierre-yves at spootnik.org
Wed Sep 27 13:04:04 BST 2006


Hi list,

There are more 64 bit issues lying around in the smux code.
I found one but cannot get to the bottom of it, so I'm posting some
thoughts here in case someone finds a solution quicker than me:

In smux_trap, a call to smux_get is issued, right here:

Line 1097:
>      ret = smux_get (oid, &oid_len, 1, &val_type, &val, &val_len);
>
>      if (debug_smux)
>        zlog_debug ("smux_get result %d", ret);

In this call, the variable array in subtree is traversed, calling the
FindVarMethod for each variable, like this:

Line 514:
>  for (ALL_LIST_ELEMENTS (treelist, node, nnode,subtree))
>    {
>      subresult = oid_compare_part (reqid, *reqid_len,
>                                    subtree->name, subtree->name_len);
> [...]
>                  *val = (*v->findVar) (v, suffix, &suffix_len, exact,
>                                        val_len, &write_method);

In this call, val_len, which is a "size_t *", is sometimes set to 4, but the
actual code is in net-snmp. This is wrong and the resulting code breaks
since sizeof(long) is 8 on my system. Subsequent asn_build_ calls will
then break and return NULL, the pointers will be dereferenced later on and
crash ospfd.

I can't get to see if the calling code is responsible for this return or
the net-snmp code.

Any ideas?

P.S.: Error checks for NULL returns are missing everywhere in the code. Is
this on purpose? If not, I could submit a patch fixing that if I get some
pointers on what to do in the case of error returns (silently logging,
terminating the SMUX agent, ...)
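
The failure mode described in this message, as an added example that is not part of the original post and is neither Quagga nor net-snmp code: a handler reports a 4-byte value, an encoder accepts only sizeof(long), and the caller checks the NULL return. build_long, find_var32 and encode_var are hypothetical names with a simplified wire format, and widening the value in the caller is an assumed handling, not a fix proposed in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for an asn_build_-style integer encoder. As in the
 * post, it rejects any length other than sizeof(long) by returning NULL.
 * Simplified wire format: tag, length, raw bytes. */
static unsigned char *build_long(unsigned char *out, size_t room,
                                 const void *val, size_t val_len)
{
    if (val_len != sizeof(long) || room < 2 + sizeof(long))
        return NULL;
    out[0] = 0x02;                        /* ASN.1 INTEGER tag */
    out[1] = (unsigned char)sizeof(long);
    memcpy(out + 2, val, sizeof(long));
    return out + 2 + sizeof(long);
}

/* Constructed handler in the role of findVar: it reports a 32-bit value. */
static int32_t sample_counter = 7;
static const void *find_var32(size_t *val_len)
{
    *val_len = sizeof(int32_t);           /* 4, even where sizeof(long) is 8 */
    return &sample_counter;
}

/* Caller in the role of the trap path. With widen set, a 4-byte result is
 * copied into a long before encoding. Returns bytes written, -1 on error. */
int encode_var(unsigned char *buf, size_t buflen, int widen)
{
    size_t val_len = 0;
    const void *val = find_var32(&val_len);
    long wide = 0;
    unsigned char *end;

    if (val == NULL)
        return -1;
    if (widen && val_len == sizeof(int32_t)) {
        int32_t narrow;
        memcpy(&narrow, val, sizeof narrow);
        wide = narrow;
        val = &wide;
        val_len = sizeof wide;
    }
    end = build_long(buf, buflen, val, val_len);
    if (end == NULL)                      /* NULL check before any use */
        return -1;
    return (int)(end - buf);
}
```

On a system where sizeof(long) is 8, encode_var with widen set to 0 returns -1 instead of handing a NULL pointer to later code.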




