I suppose the prerequisite for calling set_link() is that the new node's prefix should be longer than its parent's one (but still valid) - it's a rather obvious way of building a prefix tree. So, prefix_bit() will always read valid data.

________________________________
From: [email protected] <[email protected]> on behalf of Matthias Ferdinand <[email protected]>
Sent: Monday, 13 July 2020 14:29
To: [email protected] <[email protected]>
Subject: [quagga-dev 16763] Re: possible problem with prefix_bit

On Mon, Jul 13, 2020 at 12:00:02PM +0100, [email protected] wrote:
> Message: 1
> Date: Sun, 12 Jul 2020 21:22:15 +0000 (UTC)
> From: Kostas Sotiropoulos <[email protected]>
> To: "[email protected]" <[email protected]>
> Subject: [quagga-dev 16762] possible problem with prefix_bit
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="utf-8"
>
> Hi all,
>
> I do not know if this list is still valid but anyway I will express my
> anxiety for a code snippet:
> Inside lib/table.c there is function set_link:
>
> static void
> set_link (struct route_node *node, struct route_node *new)
> {
>   unsigned int bit = prefix_bit (&new->p.u.prefix, node->p.prefixlen);
>
>   node->link[bit] = new;
>   new->parent = node;
> }
>
> that calls function prefix_bit:
>
> unsigned int
> prefix_bit (const u_char *prefix, const u_char prefixlen)
> {
>   unsigned int offset = prefixlen / 8;
>   unsigned int shift  = 7 - (prefixlen % 8);
>
>   return (prefix[offset] >> shift) & 1;
> }
>
> I suppose that prefixlen could also be equal to 32 for an IPV4 address that
> could result in a buffer overrun inside prefix_bit. Am I right?
>
> Best regards,
> Kostas Sotiropoulos

[ Disclaimer: I'm not a developer ]

Hi,

note that struct prefix is at least 8 bytes long, and AFAICT is usually embedded within a larger struct (e.g. struct route_node) with more components following after struct prefix.

With 8 bytes size, prefixlen==32 for an IPv4 address will not read from outside struct prefix (offset==4). With prefixlen==128 for an IPv6 address it might read 1 byte after struct prefix (offset==8), but still from valid memory.

Matthias Ferdinand
_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev
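As an added illustration of the arithmetic the thread discusses (example code written for this page, not quagga's lib/table.c or lib/prefix.c): prefix_bit() is reproduced as quoted, next to a bounds-checked variant and a check of the set_link() precondition described in the reply, i.e. that the parent's prefixlen is strictly smaller than the child's, so the byte index read is at most (child_len - 1) / 8. The sample address and the helper names prefix_bit_checked, set_link_precondition_ok and all_parent_reads_in_bounds are constructed for the example and are not quagga identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 192.168.1.0 as four raw address bytes. */
static const uint8_t SAMPLE_V4[4] = { 0xC0, 0xA8, 0x01, 0x00 };

/* Same arithmetic as the prefix_bit() quoted in the thread: returns bit
 * number `prefixlen`, counting from the most significant bit of byte 0. */
unsigned int prefix_bit(const uint8_t *prefix, uint8_t prefixlen)
{
    unsigned int offset = prefixlen / 8;
    unsigned int shift = 7 - (prefixlen % 8);
    return (prefix[offset] >> shift) & 1;
}

/* Byte index that prefix_bit() dereferences for a given prefixlen. */
size_t prefix_bit_offset(uint8_t prefixlen)
{
    return prefixlen / 8;
}

/* Defensive variant (hypothetical, not in quagga): refuses to index past
 * `len` bytes and returns -1 instead of reading out of bounds. */
int prefix_bit_checked(const uint8_t *prefix, size_t len, uint8_t prefixlen)
{
    if (prefix_bit_offset(prefixlen) >= len)
        return -1;
    return (int)prefix_bit(prefix, prefixlen);
}

/* The set_link() precondition described in the reply: the child's prefix is
 * strictly longer than the parent's and no longer than the family allows. */
int set_link_precondition_ok(uint8_t parent_len, uint8_t child_len,
                             unsigned int max_bits)
{
    return parent_len < child_len && child_len <= max_bits;
}

/* Under that precondition every parent prefixlen is < child_len, so the byte
 * read is at most (child_len - 1) / 8. Returns 1 if all such reads stay
 * inside an address buffer of `addr_bytes` bytes, 0 otherwise. */
int all_parent_reads_in_bounds(uint8_t child_len, size_t addr_bytes)
{
    uint8_t parent_len;
    for (parent_len = 0; parent_len < child_len; parent_len++)
        if (prefix_bit_offset(parent_len) >= addr_bytes)
            return 0;
    return 1;
}

int main(void)
{
    uint8_t len;

    for (len = 0; len < 32; len++)
        printf("bit %2u -> byte %zu, value %u\n", len,
               prefix_bit_offset(len), prefix_bit(SAMPLE_V4, len));

    /* "bit 32" would index byte 4, one past a 4-byte IPv4 address. */
    printf("prefixlen 32 indexes byte %zu; checked read returns %d\n",
           prefix_bit_offset(32), prefix_bit_checked(SAMPLE_V4, sizeof SAMPLE_V4, 32));
    printf("prefixlen 128 indexes byte %zu\n", prefix_bit_offset(128));
    printf("IPv4 /32 child: all parent reads inside 4 bytes? %d\n",
           all_parent_reads_in_bounds(32, 4));
    printf("IPv6 /128 child: all parent reads inside 16 bytes? %d\n",
           all_parent_reads_in_bounds(128, 16));
    return 0;
}
```

The loop in all_parent_reads_in_bounds is the precondition argument made mechanical: with a /32 child under a 4-byte address the highest index touched is 31 / 8 = 3, so only a caller that passes a prefixlen equal to or beyond the address width (which set_link() never does for a parent) would make prefix_bit() index past the address bytes.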
