Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 29 Apr 2017 21:37:24 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 218959] routed closes socket 0 when /etc/gateways in use
Message-ID:  <bug-218959-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D218959

            Bug ID: 218959
           Summary: routed closes socket 0 when /etc/gateways in use
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: webpages@sprow.co.uk

Created attachment 182180
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D182180&action=
=3Dedit
Patch to parms.c

In the process of starting in main() routed gets=20
  rt_sock =3D socket(AF_ROUTE, SOCK_RAW, 0);
which on my test system is the first socket to be opened, and hence rt_sock=
 is
0.
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=3D314436#=
l309]

A little further down main() we call gwkludge(), which parses the /etc/gate=
ways
file and adds fake interfaces for passive networks.=20
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=3D314436#=
l350]

Then, still in msin() we call ifinit() which looks through the interfaces k=
nown
and turns on router discovery and RIP=20
  if_ok_rdisc(ifp);
  rip_on(ifp);
[https://svnweb.freebsd.org/base/head/sbin/routed/if.c?annotate=3D314436#l1=
141]

In the rip_on() function for any interfaces that are having RIP turned on a=
ny
query sockets are closed
  (void)close(ifp->int_rip_sock);
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=3D314436#=
l770]

The problem is that when the fake interface was created memset was used to
clear the struct interface, but the member int_rip_sock is never initialise=
d.
Therefore, when the loop iterates over the interfaces to turn RIP on it fin=
ds a
positive number (0) and closes the socket - inadvertantly closing the rt_so=
ck
by mistake.

Patch attached initialises that member to -1, an invalid socket number.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-218959-8>