Hi,
Under FreeBSD 5.1 CURRENT, ospfd crashes with a "bus error"
when adding interfaces during startup.
The crash is due to a pointer into a structure, which had been
"free"ed immediately before, being returned from the subroutine.
FreeBSD 5.1 CURRENT, unlike its predecessors, seems to overwrite
memory during "free" calls.
The problem happens in ospf_if_table_lookup (in ospf_interface.c),
where "route_unlock_node" is called immediately before
"return (struct ospf_interface *) rn->info".
The "route_unlock_node", decrementing the lock count to the route
structure to zero, causes the route structure to be "free"ed.
Under FreeBSD 5.1 CURRENT, the route structure gets clobbered,
and the returned pointer is no longer the expected NULL, causing
ospfd to crash.
The attached patch saves the pointer before calling "route_unlock_node".
Regards,
Claus.
--
--------------------------------------------------------
Claus Endres | Phone: +61-3-5998 2310
Endres Consulting Pty. Ltd. | Mobile: +61-418-595 136
10 Facey Road | Fax: +61-3-5998 2540
Devon Meadows, VIC 3977 | claus@endresconsulting.com
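
The unlock-then-read pattern described in the message, next to the save-then-unlock fix, as an added example that is not part of the original post or the ospfd source. The struct, the function names and the single static slot standing in for the heap are assumptions made so the junk fill on release is deterministic and well-defined.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a ref-counted route node (hypothetical type). */
struct node {
    unsigned lock;   /* reference count */
    void *info;      /* payload pointer, NULL when nothing is attached */
};

static struct node slot;   /* one static slot stands in for the heap */

/* Stand-in for free(): junk-fills the released memory, mimicking the
   allocator behaviour the post describes. 0xA5 is a constructed pattern. */
static void node_free(struct node *n) { memset(n, 0xA5, sizeof *n); }

/* Hand out the node with one reference held by the caller. */
static struct node *node_get(void *info) {
    slot.lock = 1;
    slot.info = info;
    return &slot;
}

/* Drop one reference; the node is released when the count reaches zero. */
static void node_unlock(struct node *n) {
    if (--n->lock == 0)
        node_free(n);
}

/* Pattern from the post: unlock first, then read through the node. */
static void *lookup_buggy(void *info) {
    struct node *rn = node_get(info);
    node_unlock(rn);
    return rn->info;          /* reads junk-filled memory, not the old value */
}

/* Pattern of the fix: save the pointer, then unlock. */
static void *lookup_fixed(void *info) {
    struct node *rn = node_get(info);
    void *saved = rn->info;   /* copy out while the reference is still held */
    node_unlock(rn);
    return saved;
}

int main(void) {
    printf("buggy lookup of NULL entry: %p\n", lookup_buggy(NULL));
    printf("fixed lookup of NULL entry: %p\n", lookup_fixed(NULL));
    return 0;
}
```

With an allocator that leaves freed memory untouched, both functions return the same value, which is why the defect only surfaced once the memory was overwritten on release.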