[quagga-users 13470] Re: bgpd crash on freebsd 8.3, 0.99.21 from the fbsd ports

Christian Franke nobody at nowhere.ws
Fri Oct 18 00:05:14 BST 2013


On 09/25/2013 02:35 AM, Kurt Jaeger wrote:
>> On 25/09/2013 09:52, Kurt Jaeger wrote:
>>> I tried to dump the bgp packets. The four packets with the same
>>> timestamp do not look related to the problem to my untrained eye 8-(

After going through the bgp code I would guess that these crashes were due
to a bug in 0.99.21 concerning the handling of unknown transitive
attributes. If there was /any/ unknown transitive attribute, quagga
would access uninitialized memory instead of getting the correct
attribute length. That's the reason why bgpd was trying to write such a
ridiculously large number of bytes: it was using the uninitialized
length field of the transitive attribute.

This bug is already fixed in 0.99.22:

  commit 8794e8d229dc9fe29ea31424883433d4880ef408
  Author: Paul Jakma <paul at quagga.net>
  Date:   Mon Feb 13 13:53:07 2012 +0000

      bgpd: Fix regression in args consolidation, total should be inited
            from args

-Christian
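
The bug class described in the message above (forwarding an unknown transitive attribute with a length that is not the attribute's own parsed length), as an added example that is not part of the original post and is not Quagga's code: a small RFC 4271 path-attribute walker in C that takes each attribute's total length from its own header and bounds-checks it before copying. The function name, the "known types 1..3" rule, the demo buffer and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Attribute flag bits from RFC 4271, section 4.3. */
#define ATTR_OPTIONAL   0x80
#define ATTR_TRANSITIVE 0x40
#define ATTR_PARTIAL    0x20
#define ATTR_EXTLEN     0x10

/* Constructed: ORIGIN, then unknown optional transitive type 255 with 3 data bytes. */
static const uint8_t sample_ok[] = { 0x40, 0x01, 0x01, 0x00,
                                     0xC0, 0xFF, 0x03, 0xAA, 0xBB, 0xCC };
/* Constructed: the same unknown attribute claiming 200 data bytes. */
static const uint8_t sample_bad[] = { 0xC0, 0xFF, 0xC8, 0xAA, 0xBB, 0xCC };
static uint8_t demo_out[64];   /* hypothetical output buffer for the demo */

/* Assumption for this example: the speaker only recognises types 1..3. */
static int known_type(uint8_t t) { return t >= 1 && t <= 3; }

/* Copy unknown optional transitive attributes to out with Partial set; -1 if malformed. */
long collect_unknown_transitive(const uint8_t *buf, size_t len, uint8_t *out, size_t outcap)
{
    size_t pos = 0, used = 0;
    while (pos < len) {
        uint8_t flags = buf[pos];
        size_t hdr = (flags & ATTR_EXTLEN) ? 4 : 3;
        if (len - pos < hdr) return -1;                /* header itself truncated */
        uint8_t type = buf[pos + 1];
        size_t alen = (hdr == 4) ? ((size_t)buf[pos + 2] << 8 | buf[pos + 3]) : buf[pos + 2];
        if (alen > len - pos - hdr) return -1;         /* length exceeds the data */
        size_t total = hdr + alen;                     /* always from parsed header */
        if (!known_type(type)) {
            if (!(flags & ATTR_OPTIONAL)) return -1;   /* unknown well-known attr */
            if (flags & ATTR_TRANSITIVE) {
                if (total > outcap - used) return -1;  /* would overflow out */
                memcpy(out + used, buf + pos, total);
                out[used] |= ATTR_PARTIAL;             /* mark as passed through */
                used += total;
            }
        }
        pos += total;
    }
    return (long)used;
}

int main(void)
{
    printf("ok:  %ld\n", collect_unknown_transitive(sample_ok, sizeof sample_ok, demo_out, sizeof demo_out));
    printf("bad: %ld\n", collect_unknown_transitive(sample_bad, sizeof sample_bad, demo_out, sizeof demo_out));
}
```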


