From owner-freebsd-bugs Tue Apr 11 18:40: 6 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 0EC7637BC37
	for ; Tue, 11 Apr 2000 18:40:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id SAA66351;
	Tue, 11 Apr 2000 18:40:00 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id EE27837BB46
	for ; Tue, 11 Apr 2000 18:33:50 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id SAA65648;
	Tue, 11 Apr 2000 18:33:49 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Message-Id: <200004120133.SAA65648@freefall.freebsd.org>
Date: Tue, 11 Apr 2000 18:33:49 -0700 (PDT)
From: msmith@netapp.com
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: bin/17939: routed calls ntohs twice on the same field
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         17939
>Category:       bin
>Synopsis:       routed calls ntohs twice on the same field
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 11 18:40:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Mark Smith
>Release:        3.4
>Organization:
Network Appliance
>Environment:
>Description:
In sbin/routed/rdisc.c, parse_ad() is called as follows:

    parse_ad(from.sin_addr.s_addr, wp[0], wp[1],
             ntohs(p->ad.icmp_ad_life), ifp);

Thus, when we are in parse_ad() the 4th arg (life) is already in host
order. Down at the bottom of parse_ad() we have this:

    new_drp->dr_life = ntohs(life);

It looks to me like this call to ntohs() ends up converting it back to
network order. This causes routed to use the wrong value when it uses
dr_life elsewhere.
>How-To-Repeat:
This was found by code inspection. The default value for life is 1800,
which is 2055 when byte swapped, so most people probably never noticed.
>Fix:
Don't call ntohs() in parse_ad().
>Release-Note:
>Audit-Trail:
>Unformatted:
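
Added example, not part of the original report or of routed's source: a C sketch of the double conversion described above, next to the reported fix and a typed wrapper that makes a second conversion a compile error. All function names and the two-byte sample are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper: a wire-order value lives in a struct, so a plain
 * host-order uint16_t cannot be passed to be16_to_host() by mistake. */
typedef struct { uint16_t raw; } be16_t;

static uint16_t be16_to_host(be16_t v) { return ntohs(v.raw); }

/* Pattern from the report: the caller converts, then the callee converts again. */
static uint16_t store_life_buggy(uint16_t life) { return ntohs(life); }
uint16_t lifetime_buggy(uint16_t wire_life) { return store_life_buggy(ntohs(wire_life)); }

/* Fix from the report: the callee stores the already-converted value. */
static uint16_t store_life_fixed(uint16_t life) { return life; }
uint16_t lifetime_fixed(uint16_t wire_life) { return store_life_fixed(ntohs(wire_life)); }

/* Typed variant: the single conversion happens at the parsing boundary. */
uint16_t lifetime_typed(const unsigned char *pkt) {
    be16_t life;
    memcpy(&life.raw, pkt, sizeof life.raw);
    return store_life_fixed(be16_to_host(life));
}

/* The double swap only changes the value on little-endian hosts. */
int host_is_little_endian(void) {
    const uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

int main(void) {
    /* Constructed sample: lifetime 1800 (0x0708) as it appears on the wire. */
    const unsigned char pkt[2] = { 0x07, 0x08 };
    uint16_t wire;
    memcpy(&wire, pkt, sizeof wire);
    printf("buggy=%u fixed=%u typed=%u\n", (unsigned)lifetime_buggy(wire),
           (unsigned)lifetime_fixed(wire), (unsigned)lifetime_typed(pkt));
    return 0;
}
```

On a big-endian host ntohs() is a no-op, so the buggy and fixed paths agree there and the defect shows only on little-endian machines.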