Date: Sat, 29 Apr 2017 21:37:24 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 218959] routed closes socket 0 when /etc/gateways in use
Message-ID: <bug-218959-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218959

            Bug ID: 218959
           Summary: routed closes socket 0 when /etc/gateways in use
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: webpages@sprow.co.uk

Created attachment 182180
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=182180&action=edit
Patch to parms.c

In the process of starting in main(), routed gets
  rt_sock = socket(AF_ROUTE, SOCK_RAW, 0);
which on my test system is the first socket to be opened, and hence rt_sock is 0.
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=314436#l309]

A little further down main() we call gwkludge(), which parses the /etc/gateways file and adds fake interfaces for passive networks.
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=314436#l350]

Then, still in main(), we call ifinit(), which looks through the interfaces known and turns on router discovery and RIP
  if_ok_rdisc(ifp);
  rip_on(ifp);
[https://svnweb.freebsd.org/base/head/sbin/routed/if.c?annotate=314436#l1141]

In the rip_on() function, for any interfaces that are having RIP turned on, any query sockets are closed
  (void)close(ifp->int_rip_sock);
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=314436#l770]

The problem is that when the fake interface was created memset was used to clear the struct interface, but the member int_rip_sock is never initialised. Therefore, when the loop iterates over the interfaces to turn RIP on it finds a positive number (0) and closes the socket - inadvertently closing the rt_sock by mistake.

Patch attached initialises that member to -1, an invalid socket number.

--
You are receiving this mail because:
You are the assignee for the bug.
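
Added example, not part of the bug report or the attached patch: a reduced C model of the failure described above, showing that a memset-cleared descriptor field aliases fd 0 and that initialising it to -1 leaves the routing socket open. Assumptions: struct interface is cut down to one relevant member, rip_on() is modeled on the report's description, AF_UNIX stands in for AF_ROUTE for portability, and rt_sock_survives() is a hypothetical helper.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Cut-down stand-in for routed's struct interface (assumption). */
struct interface { char int_name[16]; int int_rip_sock; };

/* Modeled on the report: a descriptor that looks valid (>= 0) is closed. */
static void rip_on(struct interface *ifp)
{
    if (ifp->int_rip_sock >= 0) {
        (void)close(ifp->int_rip_sock);
        ifp->int_rip_sock = -1;
    }
}

/* Hypothetical helper: 1 if rt_sock is still open after rip_on() ran on a
 * fake interface, 0 if it was closed, -1 if fd 0 could not be obtained. */
int rt_sock_survives(int apply_fix)
{
    struct interface fake;
    int alive = -1;
    int saved_stdin = dup(STDIN_FILENO);  /* keep stdin for restoring */
    (void)close(STDIN_FILENO);            /* make 0 the lowest free fd */
    /* AF_UNIX stands in for AF_ROUTE so this runs on any POSIX system. */
    int rt_sock = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (rt_sock == 0) {
        memset(&fake, 0, sizeof(fake));   /* leaves int_rip_sock == 0 */
        if (apply_fix) fake.int_rip_sock = -1;  /* the fix: invalid fd */
        rip_on(&fake);
        alive = fcntl(rt_sock, F_GETFD) != -1;
    }
    if (rt_sock > 0 || alive == 1)
        (void)close(rt_sock);
    if (saved_stdin >= 0) {               /* put stdin back on fd 0 */
        (void)dup2(saved_stdin, STDIN_FILENO);
        (void)close(saved_stdin);
    }
    return alive;
}

int main(void)
{
    printf("memset only: rt_sock open = %d\n", rt_sock_survives(0));
    printf("with -1 init: rt_sock open = %d\n", rt_sock_survives(1));
    return 0;
}
```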
