List: openbsd-bugs
Subject: Re: Bug in bridge source code.
From: jason () thought ! net (Jason L ! Wright)
Date: 2002-09-24 19:43:25
> Hi,
>
> The function void bstp_transmit_tcn(sc), in the file
> src/sys/net/bridgestp.c has a bug.
>
> The function is supposed to create a topology change
> BPDU, but the packet generated is not in the right
> format. The problem is the variable "eh" (see attached
> code) is a pointer and has a size of 4 bytes. In the last
> line of the attached code we have a bcopy which takes the
> size of eh, which returns 4, which is the bug. To send
> the right packet we need the length of ether_header
> which is 14 bytes. I hope the problem can be
> resolved.
>
There are actually two bugs like this in the same function. This
is what I get from copying and pasting from the cpdu transmit
function. Please try the patch below.
Index: bridgestp.c
===================================================================
RCS file: /cvs/src/sys/net/bridgestp.c,v
retrieving revision 1.8
diff -u -r1.8 bridgestp.c
--- bridgestp.c 14 Mar 2002 01:27:09 -0000 1.8
+++ bridgestp.c 24 Sep 2002 19:43:12 -0000
@@ -395,7 +395,7 @@
if (m == NULL)
return;
m->m_pkthdr.rcvif = ifp;
- m->m_pkthdr.len = sizeof(eh) + sizeof(bpdu);
+ m->m_pkthdr.len = sizeof(*eh) + sizeof(bpdu);
m->m_len = m->m_pkthdr.len;
eh = mtod(m, struct ether_header *);
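Review bot: In the `m->m_pkthdr.len` assignment, `sizeof(*eh)` is taken before `eh` is assigned by the `mtod()` call two lines below. That is legal, because sizeof does not evaluate its operand, but it reads like a use of an unset pointer and is one character away from the original `sizeof(eh)` mistake. Writing `sizeof(struct ether_header)` here would state the intended 14-byte header length directly and would not depend on how `eh` is declared.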
@@ -408,7 +408,7 @@
bpdu.tbu_protoid = 0;
bpdu.tbu_protover = 0;
bpdu.tbu_bpdutype = BSTP_MSGTYPE_TCN;
- bcopy(&bpdu, m->m_data + sizeof(eh), sizeof(bpdu));
+ bcopy(&bpdu, m->m_data + sizeof(*eh), sizeof(bpdu));
s = splimp();
if ((ifp->if_flags & IFF_RUNNING) == 0)
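Review bot: The `bcopy` destination offset, `m->m_data + sizeof(*eh)`, has to stay equal to the header part of the length set in the earlier hunk, yet the two are still written out separately, which is how both went wrong together. Consider deriving the destination from the header pointer already assigned, for example `bcopy(&bpdu, eh + 1, sizeof(bpdu));`, or using `sizeof(struct ether_header)` in both places. Since the message says this function was copied and pasted from the cpdu transmit function, the rest of bridgestp.c should also be checked for other `sizeof(eh)` uses.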