[quagga-dev 7784] [PATCH] Out-of-bounds operation in ospf6_prefix_apply_mask

Jon jonirucoeith at gmail.com
Mon Feb 8 08:41:22 GMT 2010


Function patches outside prefix if exactly on the boundary.
Mask is 0x00 in those situations, and should not be used.


>From d6e0dbdcb3c5c605b9e5d9572462bea6346125a1 Mon Sep 17 00:00:00 2001
From: Jon Andersson <jon.andersson at thales.no>
Date: Mon, 8 Feb 2010 09:08:01 +0100
Subject: [PATCH] Fix out-of-bounds behaviour in ospf6_prefix_apply_mask
If prefixlen was /32, /64, or /96, function would write 0x00 to
first location outside prefix.

---
ospf6d/ospf6_proto.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/ospf6d/ospf6_proto.c b/ospf6d/ospf6_proto.c
index 7e3dcf1..d7b9157 100644
--- a/ospf6d/ospf6_proto.c
+++ b/ospf6d/ospf6_proto.c
@@ -45,7 +45,8 @@ ospf6_prefix_apply_mask (struct ospf6_prefix *op)
if (index == 16)
return;

- pnt[index] &= mask;
+ if (mask)
+ pnt[index] &= mask;
index ++;

while (index < OSPF6_PREFIX_SPACE (op->prefix_length))
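
Review bot: the `index ++;` after the new `if (mask)` guard is still unconditional, so whenever the guard skips the write, pnt[index] is also skipped by the while loop that follows, which now starts at index + 1. That is the intended result when pnt[index] lies outside OSPF6_PREFIX_SPACE (the /32, /64 and /96 cases named in the commit message), but the guard tests mask rather than the boundary: if mask can also be 0x00 for a prefix length where pnt[index] is still inside that space, the byte is left untouched where the old `pnt[index] &= mask;` cleared it. Consider moving the increment under the guard (`if (mask) pnt[index++] &= mask;`) so the following loop still covers that byte, or guarding on `index < OSPF6_PREFIX_SPACE (op->prefix_length)` instead of on mask. A one-line comment saying why a zero mask is skipped would also help the next reader.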
-- 
1.5.6.5