[PATCH] Fix an endless loop in OSPF

Ondrej Feela Filip feela at network.cz
Wed Sep 3 19:27:59 CEST 2003


On Wed, 3 Sep 2003, Rani Assaf wrote:

> Hi,
> 
> The attached patch  changes the type of "i" in  ospf_hello_rx() from "u8"
> to "u32" to prevent bird from entering an endless loop here:
> 
>   for(i=0;i<size-(sizeof(struct ospf_hello_packet));i++)
> 
> The problem occurs when:
> 	size-(sizeof(struct ospf_hello_packet)) > 255,
> 
> which is the case  when you start to have a lot of  neighbors in the area
> (I triggered this while  trying to run bird in an area  with more than 60
> neighbors).
> 
> Regards,
> Rani

Hello!
Thank you very much I was not able to imagine something like that. Patch 
accepted, it will go to 1.0.8.

("Debian" means that you're building debian packages?)
				
				Feela


> 
> 
> --- bird-1.0.7/proto/ospf/hello.c	2003-08-14 10:13:14.000000000 +0200
> +++ bird-1.0.7-debian/proto/ospf/hello.c	2003-09-03 05:57:13.000000000 +0200
> @@ -59,7 +59,8 @@
>  {
>    u32 nrid, *pnrid;
>    struct ospf_neighbor *neigh,*n;
> -  u8 i,twoway,oldpriority;
> +  u32 i;
> +  u8 twoway,oldpriority;
>    ip_addr olddr,oldbdr;
>    ip_addr mask;
>    char *beg=": Bad OSPF hello packet from ", *rec=" received: ";
> 




More information about the Bird-users mailing list