Bug 2819
Summary: | autoroute patch introduces new bug | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | roganov |
Component: | traceroute | Assignee: | Jay Turner <jturner> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.0 | CC: | mikepery, srevivo |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 1999-05-14 15:11:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Fixed in traceroute-1.4a5-15. Thanks for the analysis and patch! *** Bug 3295 has been marked as a duplicate of this bug. *** The USE_KERNEL_ROUTING_TABLE patch to traceroute causes it to segfault with used with -i. This is because the ifaddrlist is searched for the interface you specify, but then the search_routing_table() call continues the search at the position in the list found by the previous search. Consequently, the second search eventually runs right past the end of the array in a vain attempt to find a unique interface. This unintialized memory (zeroed in my case) causes a segfault when a field of the run away pointer is passed to a strcmp. Because all this red tape sickens me, and because I have better things to do than to wait around for a BUG ID to submit a one line patch, I'm going to describe the fix here. Right around line 703 you add: if(device == NULL && n > 1) right before the call to search_routing_table() |
Dear Friends ! We found a bug in a traceroute package, linked with a last patch -- so called autoroute addition. This bug involves 'Segmentation fault' when traceroute is invoked at computer having few network interfaces in a following manner: traceroute host_not_in_eth2_inet -i eth2 The reason of this bug is a different representation of original code and new autoroute addition: new code assumes that 'al' variable always contains a list of all interfaces, obtained via call: (see file traceroute.c after all patch being applied) ifaddrlist(&al, errbuf); But really original code changes 'al' pointer below, looking for pointed device: /* Look for a specific device */ if (device != NULL) { for (i = n; i > 0; --i, ++al) if (strcmp(device, al->device) == 0) break; if (i <= 0) { Fprintf(stderr, "%s: Can't find interface %s\n", prog, device); exit(1); } } As a result routine 'search_routing_table' is called of inproper data what leads to program crash. We are currently using following changes for code: <<<<<<<<<<<<<<<< --- traceroute.c.old Fri May 14 14:13:02 1999 +++ traceroute.c Fri May 14 14:21:41 1999 @@ -348,7 +348,7 @@ int tos = 0, settos = 0; register int lsrr = 0; register u_short off = 0; - struct ifaddrlist *al; + struct ifaddrlist *al, *al_orig; char errbuf[132]; if ((cp = strrchr(argv[0], '/')) != NULL) @@ -670,6 +670,7 @@ /* Get the interface address list */ n = ifaddrlist(&al, errbuf); + al_orig = al; if (n < 0) { Fprintf(stderr, "%s: ifaddrlist: %s\n", prog, errbuf); exit(1); @@ -700,7 +701,7 @@ * there is no match, default to using the first * interface found. */ - al = search_routing_table(to, al, n); + al = search_routing_table(to, al_orig, n); setsin(from, al->addr); #else /* >>>>>>>>>>>>> what is currently used in our 'traceroute-1.4a5-autoroute-bugfix.patch', added to traceroute.spec file.