From owner-freebsd-bugs Wed Mar 29 1: 1:42 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from rina.r.dl.itc.u-tokyo.ac.jp (rina.r.dl.itc.u-tokyo.ac.jp [133.11.199.247]) by hub.freebsd.org (Postfix) with ESMTP id 24F7937BF6D for ; Wed, 29 Mar 2000 01:01:37 -0800 (PST) (envelope-from tanimura@r.dl.itc.u-tokyo.ac.jp)
Received: from rina.r.dl.itc.u-tokyo.ac.jp (tanimura@localhost [127.0.0.1]) by rina.r.dl.itc.u-tokyo.ac.jp (8.9.3+3.2W/3.7W-rina.r-0.1-11.01.2000) with ESMTP/IPv4 id SAA63741; Wed, 29 Mar 2000 18:01:31 +0900 (JST)
Date: Wed, 29 Mar 2000 18:01:31 +0900
Message-ID: <14561.50795.50112.13042Y@rina>
From: Seigo Tanimura
To: m.seaman@inpharmatica.co.uk
Cc: bugs@freebsd.org
Subject: Re: bin/17657: 4.0-RELEASE routed cores with GENERIC kernel
In-Reply-To: In your message of "Wed, 29 Mar 2000 09:48:42 +0100 (BST)" <200003290848.JAA24808@mailhost.inpharmatica.co.uk>
References: <200003290848.JAA24808@mailhost.inpharmatica.co.uk>
Cc: Seigo Tanimura
User-Agent: Wanderlust/1.0.3 (Notorious) SEMI/1.13.4 (Terai) FLIM/1.12.7 (Yūzaki) MULE XEmacs/21.1 (patch 9) (Canyonlands) (i386--freebsd)
Organization: Digital Library Research Division, Information Technology Centre, The University of Tokyo
MIME-Version: 1.0 (generated by SEMI 1.13.4 - "Terai")
Content-Type: multipart/mixed; boundary="Multipart_Wed_Mar_29_18:01:31_2000-1"
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--Multipart_Wed_Mar_29_18:01:31_2000-1
Content-Type: text/plain; charset=US-ASCII

On Wed, 29 Mar 2000 09:48:42 +0100 (BST),
  m.seaman@inpharmatica.co.uk said:

m.seaman> I only noticed this after the fact, but I guess it's reproducible. It
m.seaman> seems that routed will segfault after about 5 minutes. This was a
m.seaman> freshly installed 4.0-RELEASE system with the GENERIC kernel, before
m.seaman> I'd had a chance to finish cvsup'ing to 4.0-STABLE and re-compile the
m.seaman> kernel.

I had been experiencing the same problem. There seems to be a buffer
overflow in routed(8). Could you please apply the following patch and
see how your new routed(8) works? routed(8) on my box has been working
just fine for two weeks with this patch.

--Multipart_Wed_Mar_29_18:01:31_2000-1
Content-Type: text/plain; type=patch; charset=US-ASCII
Content-Disposition: attachment; filename="table.c.diff"
Content-Transfer-Encoding: 7bit

--- table.c.org Fri Sep 17 03:50:10 1999 +++ table.c Sat Mar 11 15:03:09 2000 @@ -617,6 +617,7 @@ } +#define NAME0_LEN 14 static const char * rtm_type_name(u_char type) { 
@@ -636,12 +637,12 @@ "RTM_DELADDR", "RTM_IFINFO" }; - static char name0[10]; + static char name0[NAME0_LEN]; if (type > sizeof(rtm_types)/sizeof(rtm_types[0]) || type == 0) { - sprintf(name0, "RTM type %#x", type); + snprintf(name0, NAME0_LEN, "RTM type %#x", type); return name0; } else { return rtm_types[type-1];
--Multipart_Wed_Mar_29_18:01:31_2000-1
Content-Type: text/plain; charset=US-ASCII

-- 
Seigo Tanimura
--Multipart_Wed_Mar_29_18:01:31_2000-1--
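
Review bot: NAME0_LEN 14 in the first hunk (@@ -617) is an unexplained magic number; nothing records that it is the 9 characters of "RTM type " plus up to 4 characters for "%#x" applied to a u_char (0xff) plus the terminating NUL. Add a comment with that arithmetic beside the #define, or drop the file-scope macro and size the array where it is declared, since name0 is its only user in the visible lines.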
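
Review bot: in the second hunk (@@ -636) the snprintf bound is passed as NAME0_LEN instead of being taken from the array itself, so the declared size and the bound can drift apart if either line is edited later. Prefer snprintf(name0, sizeof(name0), "RTM type %#x", type); which keeps the limit tied to the declaration. The surrounding range check (type greater than the element count, then rtm_types[type-1]) is consistent and needs no change. name0 is static, so the returned pointer is overwritten by the next call that takes this branch; a short comment saying so would help callers.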