While reading over the IPv6addr code I noticed that there is an overrun in find_if() in the case where the prefix is 128. In this case, mask.s6_addr[16] will be accessed twice, but that array only has 16 elements.
The patch below takes the simple approach of just treating 128 as a corner case and skipping the offending parts of the mask manipulation accordingly. It also reverses the way the mask is seeded, removing bits rather than adding them, to ensure that the corner case is all 1s rather than all 0s. Index: lha-STABLE_1_2-ipv6addr/heartbeat/resource.d/IPv6addr.c =================================================================== --- lha-STABLE_1_2-ipv6addr.orig/heartbeat/resource.d/IPv6addr.c 2007-04-19 12:41:45.000000000 +0900 +++ lha-STABLE_1_2-ipv6addr/heartbeat/resource.d/IPv6addr.c 2007-04-19 12:42:11.000000000 +0900 @@ -411,15 +411,17 @@ find_if(struct in6_addr* addr_target, in inet_pton(AF_INET6, addr6, &addr); /* Make the mask based on prefix length */ - for (i = 0; i < 16; i++) { - mask.s6_addr[i] = 0; - } - n = plen / 8; - for (i = 0; i < n+1; i++) { - mask.s6_addr[i] = 0xFF; - } - s = 8 - plen % 8; - mask.s6_addr[n]<<=s; + for (i = 0; i < 16; i++) { + mask.s6_addr[i] = 0xff; + } + if (plen < 128) { + n = plen / 8; + for (i = 15; i>n; i--) { + mask.s6_addr[i] = 0x0; + } + s = 8 - plen % 8; + mask.s6_addr[n] <<= s; + } /* compare addr and addr_target */ same = TRUE; -- -- Horms H: http://www.vergenet.net/~horms/ W: http://www.valinux.co.jp/en/
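Review bot: The new `if (plen < 128)` guard in find_if() bounds plen only from above, and nothing in this hunk shows plen being range-checked. If plen is a signed type and can arrive negative, `n = plen / 8` goes negative and `mask.s6_addr[n] <<= s` still writes outside the 16-byte array; a value above 128 is silently treated as a full /128 mask. Suggest rejecting anything outside 0..128 before the mask is built, or tightening the guard to `plen >= 0 && plen < 128` if validation lives elsewhere. A short comment would also help on the byte-aligned case: when plen % 8 is 0, s is 8 and byte n is cleared only because the shifted value is truncated back to 8 bits on assignment. Minor style: `i>n` should be `i > n` to match the other loop header.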