[quagga-dev 16762] possible problem with prefix_bit

Kostas Sotiropoulos kosotiro at yahoo.gr
Sun Jul 12 22:22:15 BST 2020

Hi all, 

I do not know if this list is still valid but anyway I will express my anxiety about a code snippet:
Inside lib/table.c there is a function set_link:
static void
set_link (struct route_node *node, struct route_node *new)
{
  unsigned int bit = prefix_bit (&new->p.u.prefix, node->p.prefixlen);

  node->link[bit] = new;
  new->parent = node;
}
that calls function prefix_bit:
unsigned int
prefix_bit (const u_char *prefix, const u_char prefixlen)
{
  unsigned int offset = prefixlen / 8;
  unsigned int shift  = 7 - (prefixlen % 8);
  return (prefix[offset] >> shift) & 1;
}

I suppose that prefixlen could also be equal to 32 for an IPv4 address, which could result in a buffer overrun inside prefix_bit. Am I right?
Best regards,
Kostas Sotiropoulos
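The arithmetic the post questions, worked through as an added example (this is not Quagga's code; prefix_bit_checked and prefix_bit_overruns are hypothetical helpers written here): it reproduces the offset/shift computation of prefix_bit, shows which prefixlen values read past a buffer of a given byte length, and pairs it with a bounds-checked variant that reports the out-of-range case instead of reading the byte.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: the four bytes of 192.168.1.1 in network order. */
static const uint8_t sample_ipv4[4] = { 0xC0, 0xA8, 0x01, 0x01 };

/* Same byte-index rule as prefix_bit: bit number `prefixlen` lives in
 * byte prefixlen/8. Returns 1 when that byte lies outside a buffer of
 * `len` bytes, i.e. when the unchecked read would run past the end. */
int prefix_bit_overruns(size_t len, unsigned int prefixlen)
{
  return (prefixlen / 8) >= len;
}

/* Bounds-checked version of the same lookup (hypothetical helper):
 * returns the requested bit (0 or 1), or -1 if the byte to read is not
 * within the `len` bytes of `prefix`. */
int prefix_bit_checked(const uint8_t *prefix, size_t len, unsigned int prefixlen)
{
  unsigned int offset = prefixlen / 8;
  unsigned int shift  = 7 - (prefixlen % 8);

  if (offset >= len)
    return -1;
  return (prefix[offset] >> shift) & 1;
}

int main(void)
{
  unsigned int plen;

  /* For a 4-byte IPv4 prefix, prefixlen 0..31 index bytes 0..3;
   * prefixlen 32 indexes byte 4, one past the end. */
  for (plen = 0; plen <= 32; plen++) {
    int bit = prefix_bit_checked(sample_ipv4, sizeof sample_ipv4, plen);
    if (bit < 0)
      printf("prefixlen %u: byte %u is out of range for a %zu-byte prefix\n",
             plen, plen / 8, sizeof sample_ipv4);
    else
      printf("prefixlen %u: byte %u, bit value %d\n", plen, plen / 8, bit);
  }
  return 0;
}
```

The loop output shows the boundary directly: every prefixlen up to 31 resolves to a byte inside the four-byte prefix, and 32 is the first value whose byte index (4) lies outside it.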
