>Number:         2872
>Category:       bin
>Synopsis:       Routed.h has incorrect usage of netauth struct
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 20 13:50:01 1996
>Last-Modified:
>Originator:     David Carrel
>Organization:
	weenies anonymmous
>Release:        NetBSD-current supped 19 Oct 1996
>Environment:
System: NetBSD spy 1.2 NetBSD 1.2 (SPY) #5: Sun Sep 15 20:53:37 PDT 1996 carrel@spy:/.a/haydon/home/NetBSD/src/sys/arch/i386/compile/SPY i386


>Description:
	On my hp300 the compiler discovered a bogus test on line 415 of
sbin/routed/input.c.  The test of n->n_family and (struct netauth)n->a_type
are referencing the same 16 bits.  (So the if statement will always
evaluate true!!)  The netauth structure does indeed overlap a netinfo
struct in the RIPv2 protocol, but only AFTER the netinfo->n_type field.
The netauth struct needs to be offset by 16 bits.

	Reference for this can be found in RFC1723, section 3.1, page 4.

	ALSO!!!  There is a copy of routed.h in sbin/routed/ and also in
include/protocols/.  There should only be one!!!  The one in sbin/routed/
should be removed.

>How-To-Repeat:
	There isn't much to repeat.  The compile fails on the hp300, but
interestingly enough, the compiler doesn't notice the problem on my i386.
>Fix:
	The following patch fixes the problems.  I don't know where NetBSD
get's routed from, but this should be passed back to that source.  This
patch should be applied to include/protocols/routed.h and
sbin/routed/routed.h should be deleted from the tree.

*** routed.h.orig	Sun Oct 20 13:17:11 1996
--- routed.h	Sun Oct 20 13:18:33 1996
***************
*** 85,90 ****
--- 85,91 ----
  
  /* RIPv2 authentication */
  struct netauth {
+ 	u_int16_t   a_family;		/* overlays netinfo.n_family */
  	u_int16_t   a_type;
  #define	    RIP_AUTH_PW	    htons(2)	/* password type */
  	union {

>Audit-Trail:
>Unformatted: