Hi all,
I do not know if this list is still valid, but anyway I will express my anxiety
about a code snippet:
Inside lib/table.c there is function set_link:

    static void
    set_link (struct route_node *node, struct route_node *new)
    {
      unsigned int bit = prefix_bit (&new->p.u.prefix, node->p.prefixlen);

      node->link[bit] = new;
      new->parent = node;
    }

that calls function prefix_bit:

    unsigned int
    prefix_bit (const u_char *prefix, const u_char prefixlen)
    {
      unsigned int offset = prefixlen / 8;
      unsigned int shift = 7 - (prefixlen % 8);

      return (prefix[offset] >> shift) & 1;
    }

I suppose that prefixlen could also be equal to 32 for an IPv4 address that
could result in a buffer overrun inside prefix_bit. Am I right?

Best regards,
Kostas Sotiropoulos
_______________________________________________
Quagga-dev mailing list
https://lists.quagga.net/mailman/listinfo/quagga-dev
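
Added example (not part of the original post and not Quagga code): the index arithmetic of prefix_bit for IPv4 prefix lengths, showing that prefixlen 32 selects byte index 4, beside a hypothetical bounds-checked variant. The names prefix_bit_offset and prefix_bit_checked and the sample address are assumptions; whether index 4 falls outside the object depends on how much storage sits behind the pointer passed in.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: 192.0.2.129 as the 4 bytes of an IPv4 address. */
static const unsigned char sample_v4[4] = { 192, 0, 2, 129 };

/* Byte index that prefix_bit() from the post would dereference. */
unsigned int
prefix_bit_offset (unsigned char prefixlen)
{
  return prefixlen / 8;
}

/* Hypothetical bounds-checked variant (not Quagga code): the caller passes
   the size of the address buffer; returns 0 or 1, or -1 if the byte that
   would be read lies outside the buffer. */
int
prefix_bit_checked (const unsigned char *prefix, size_t buflen,
                    unsigned char prefixlen)
{
  size_t offset = prefixlen / 8;
  unsigned int shift = 7 - (prefixlen % 8);

  if (offset >= buflen)
    return -1;
  return (prefix[offset] >> shift) & 1;
}

int
main (void)
{
  unsigned int lens[] = { 0, 8, 24, 31, 32 };
  size_t i;

  /* Lengths 0..31 stay within bytes 0..3; length 32 asks for byte 4. */
  for (i = 0; i < sizeof lens / sizeof lens[0]; i++)
    printf ("prefixlen %2u -> byte %u, checked result %d\n", lens[i],
            prefix_bit_offset ((unsigned char) lens[i]),
            prefix_bit_checked (sample_v4, sizeof sample_v4,
                                (unsigned char) lens[i]));
  return 0;
}
```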