[PATCH] Fix an endless loop in OSPF
Rani Assaf
rani at paname.org
Wed Sep 3 17:45:15 CEST 2003
Hi,
The attached patch changes the type of "i" in ospf_hello_rx() from "u8"
to "u32" to prevent bird from entering an endless loop here:
for(i=0;i<size-(sizeof(struct ospf_hello_packet));i++)
The problem occurs when:
size-(sizeof(struct ospf_hello_packet)) > 255,
which is the case when you start to have a lot of neighbors in the area
(I triggered this while trying to run bird in an area with more than 60
neighbors).
Regards,
Rani
--- bird-1.0.7/proto/ospf/hello.c 2003-08-14 10:13:14.000000000 +0200
+++ bird-1.0.7-debian/proto/ospf/hello.c 2003-09-03 05:57:13.000000000 +0200
@@ -59,7 +59,8 @@
{
u32 nrid, *pnrid;
struct ospf_neighbor *neigh,*n;
- u8 i,twoway,oldpriority;
+ u32 i;
+ u8 twoway,oldpriority;
ip_addr olddr,oldbdr;
ip_addr mask;
char *beg=": Bad OSPF hello packet from ", *rec=" received: ";
More information about the Bird-users
mailing list