NetBSD-Bugs archive

kern/38791: routing socket event header not cleared

>Number:         38791
>Category:       kern
>Synopsis:       routing socket event header not cleared
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 29 17:35:01 +0000 2008
>Originator:     J.T. Conklin
>Release:        NetBSD 4.99.56
System: NetBSD vm-nbsd5 4.99.56 NetBSD 4.99.56 (GENERIC) #0: Sat Mar 22 18:35:25 PDT 2008
Architecture: i386
Machine: i386
The header of routing socket events is not cleared in rt_msg1(), which
means that some fields (rtm_seq, rtm_pid, rtm_errno, etc.) that aren't
set for each message type contain uninitialized garbage.

The version of rt_msg1() documented in Stevens' TCP/Illustrated
contains a bzero() to clear the header, but as far as I can tell,
this was never in NetBSD (I checked as far back as NetBSD 2.0, the
earliest release that I have source unpacked).

The enclosed patch has a memset() where the Stevens' implementation
has bzero().

Observe contents of routing socket events.

Index: rtsock.c
RCS file: /cvsroot/src/sys/net/rtsock.c,v
retrieving revision 1.105
diff -c -r1.105 rtsock.c
*** rtsock.c    25 May 2008 01:59:55 -0000      1.105
--- rtsock.c    29 May 2008 17:22:39 -0000
*** 586,591 ****
--- 586,592 ----
        m->m_pkthdr.rcvif = NULL;
        m_copyback(m, 0, datalen, data);
        rtm = mtod(m, struct rt_msghdr *);
+       memset(rtm, 0, len);
        for (i = 0; i < RTAX_MAX; i++) {
                if ((sa = rtinfo->rti_info[i]) == NULL)
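Review bot: the added memset(rtm, 0, len) runs after m_copyback(m, 0, datalen, data), and rtm = mtod(m, struct rt_msghdr *) points at offset 0 of the same mbuf data, so it zeroes the first len bytes of whatever was just copied in from data. If the caller-supplied data is meant to survive in that region, clear the header before the m_copyback() call instead; if discarding it is intended, a short comment saying so would help. Since memset writes through a flat pointer, it is also worth confirming from the surrounding code that len bytes are contiguous in the first mbuf.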

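The failure mode described in the report, as an added example that is not part of the original report or the NetBSD source: a recycled buffer stands in for the mbuf, and a builder that sets only per-type fields is run with and without clearing the header first. The struct layout, the function names and the 0xA5 fill pattern are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified header; the real struct rt_msghdr has more fields. */
struct msg_hdr {
    uint16_t msglen;
    uint8_t  version;
    uint8_t  type;
    int32_t  pid;   /* stands in for rtm_pid */
    int32_t  seq;   /* stands in for rtm_seq */
    int32_t  err;   /* stands in for rtm_errno */
};

/* Stands in for a recycled kernel buffer: contents survive between uses. */
static union { unsigned char bytes[64]; struct msg_hdr hdr; } pool;

/* Fill the buffer as an earlier, unrelated user would (constructed data). */
static void dirty_pool(void) { memset(pool.bytes, 0xA5, sizeof pool.bytes); }

/* Build an event that sets only the fields its type needs.
 * clear_first == 0 models the reported behaviour, 1 models the fix. */
static const struct msg_hdr *build_event(uint8_t type, int clear_first)
{
    struct msg_hdr *h = &pool.hdr;
    if (clear_first)
        memset(h, 0, sizeof *h);
    h->msglen = (uint16_t)sizeof *h;
    h->version = 1;
    h->type = type;
    return h;
}

/* Count bytes of pid/seq/err that still hold the previous user's data. */
static int stale_bytes(const struct msg_hdr *h)
{
    const unsigned char *p = (const unsigned char *)h;
    int n = 0;
    for (size_t i = offsetof(struct msg_hdr, pid); i < sizeof *h; i++)
        n += (p[i] != 0);
    return n;
}

int main(void)
{
    dirty_pool(); printf("uncleared: %d stale bytes\n", stale_bytes(build_event(1, 0)));
    dirty_pool(); printf("cleared:   %d stale bytes\n", stale_bytes(build_event(1, 1)));
    return 0;
}
```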
