I suppose the prerequisite for calling set_link() is that the new node's prefix should be longer than its parent's (but still valid) - it's a rather obvious way of building a prefix tree. So, prefix_bit() will always read valid data.

________________________________
From: quagga-dev-boun...@lists.quagga.net <quagga-dev-boun...@lists.quagga.net> on behalf of Matthias Ferdinand <m...@14v.de>
Sent: Monday, 13 July 2020 14:29
To: quagga-dev@lists.quagga.net <quagga-dev@lists.quagga.net>
Subject: [quagga-dev 16763] Re: possible problem with prefix_bit
On Mon, Jul 13, 2020 at 12:00:02PM +0100, quagga-dev-requ...@lists.quagga.net wrote:
> Message: 1
> Date: Sun, 12 Jul 2020 21:22:15 +0000 (UTC)
> From: Kostas Sotiropoulos <kosot...@yahoo.gr>
> To: "quagga-dev@lists.quagga.net" <quagga-dev@lists.quagga.net>
> Subject: [quagga-dev 16762] possible problem with prefix_bit
> Message-ID: <1148511041.807225.1594588935...@mail.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi all,
>
> I do not know if this list is still valid but anyway I will express my
> anxiety about a code snippet:
> Inside lib/table.c there is function set_link:
>
> static void
> set_link (struct route_node *node, struct route_node *new)
> {
>   unsigned int bit = prefix_bit (&new->p.u.prefix, node->p.prefixlen);
>
>   node->link[bit] = new;
>   new->parent = node;
> }
>
> that calls function prefix_bit:
>
> unsigned int
> prefix_bit (const u_char *prefix, const u_char prefixlen)
> {
>   unsigned int offset = prefixlen / 8;
>   unsigned int shift  = 7 - (prefixlen % 8);
>
>   return (prefix[offset] >> shift) & 1;
> }
>
> I suppose that prefixlen could also be equal to 32 for an IPv4 address that
> could result in a buffer overrun inside prefix_bit. Am I right?
> Best regards,
> Kostas Sotiropoulos

[ Disclaimer: I'm not a developer ]

Hi,

note that struct prefix is at least 8 bytes long, and AFAICT is usually
embedded within a larger struct (e.g. struct route_node) with more
components following after struct prefix. With 8 bytes size, prefixlen==32
for an IPv4 address will not read from outside struct prefix (offset==4).
With prefixlen==128 for an IPv6 address it might read 1 byte after struct
prefix (offset==8), but still from valid memory.

Matthias Ferdinand
_______________________________________________
Quagga-dev mailing list
Quagga-dev@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-dev
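An added illustration of the index arithmetic discussed in this thread (not code from Quagga or from either poster): it uses a constructed stand-in for struct prefix with a 16-byte address union, a constructed family tag and constructed sample bytes, and shows which byte prefix_bit() reads for prefixlen 32 and 128, a bounds-checked variant, and the set_link() precondition from the reply above.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for Quagga's struct prefix (not the real definition):
 * the address union is sized for IPv6, i.e. 16 bytes. */
#define PREFIX_BYTES 16
#define FAM_IPV4 4 /* constructed family tag, not AF_INET */

struct prefix {
    uint8_t family;
    uint8_t prefixlen;
    union { uint8_t val[PREFIX_BYTES]; } u;
};

/* Same arithmetic as lib/table.c prefix_bit(): bit `prefixlen` (0-based,
 * MSB first) is in byte prefixlen/8, shifted right by 7 - (prefixlen % 8). */
static unsigned int prefix_bit(const uint8_t *prefix, unsigned int prefixlen)
{
    unsigned int offset = prefixlen / 8;
    unsigned int shift  = 7 - (prefixlen % 8);
    return (prefix[offset] >> shift) & 1;
}

/* Hardened variant: -1 instead of indexing past the union. prefixlen==32
 * (offset 4) still lands inside the 16-byte union but past the IPv4 address;
 * prefixlen==128 (offset 16) is one past the union and is rejected. */
static int prefix_bit_checked(const struct prefix *p, unsigned int prefixlen)
{
    if (prefixlen / 8 >= PREFIX_BYTES)
        return -1;
    return (int)prefix_bit(p->u.val, prefixlen);
}

/* The set_link() precondition from the thread: the child's prefix is strictly
 * longer than the parent's and itself valid, so the parent's prefixlen handed
 * to prefix_bit() is always below the family maximum (32 or 128). */
static int set_link_precondition_ok(const struct prefix *node, const struct prefix *child)
{
    unsigned int max_bits = (node->family == FAM_IPV4) ? 32 : 128;
    return node->prefixlen < child->prefixlen && child->prefixlen <= max_bits;
}

int main(void)
{
    /* constructed sample: 192.168.1.0/24 with a stray 0x80 in byte 4 */
    struct prefix p = { FAM_IPV4, 24, { { 0xC0, 0xA8, 0x01, 0x00, 0x80 } } };
    printf("bit0=%u bit9=%u bit32=%d bit128=%d\n", prefix_bit(p.u.val, 0),
           prefix_bit(p.u.val, 9), prefix_bit_checked(&p, 32), prefix_bit_checked(&p, 128));
    return 0;
}
```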