Re: [RFC PATCH 00/20] Context typed filters

Hi Ondrej, Thanks for the feedback. On 1/6/20 3:16 AM, Ondrej Zajicek wrote: Thanks for the patchset, sorry for not giving feedback sooner, was on vacation. No problem, I was expecting that. I am also first responding now, since I have been under the weather for the past few days. If i und

Re: crash in ospf lsupd/dbdes (only if authentication enabled?)

On Wed, 2020-01-08 at 14:09 +0100, Ondrej Zajicek wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Wed, Jan 08, 2020 at 12:46:14PM +, Kenth Eriksson wro

[PATCH] Fix crash in ospf when authentication is enabled

The OSPF packet size becomes larger than the socket tx buffer leading to memory corruptions (buffer overflow). Make sure that tx_hdrlen is computed after the autype and password lists are set. Signed-off-by: Kenth Eriksson --- proto/ospf/iface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletio

Re: crash in ospf lsupd/dbdes (only if authentication enabled?)

On Wed, Jan 08, 2020 at 12:46:14PM +, Kenth Eriksson wrote: > On Wed, 2020-01-08 at 13:25 +0100, Ondrej Zajicek wrote: > > > > What do you have in ifa->tx_length and ifa->tx_hdrlen? > > *plen=1504, ifa->sk->tbsize=1492, auth_len=32, ifa->tx_length=1492, > ifa->tx_hdrlen=20 Seems like tx_hdrl

Re: crash in ospf lsupd/dbdes (only if authentication enabled?)

On Wed, 2020-01-08 at 13:25 +0100, Ondrej Zajicek wrote: > > What do you have in ifa->tx_length and ifa->tx_hdrlen? *plen=1504, ifa->sk->tbsize=1492, auth_len=32, ifa->tx_length=1492, ifa->tx_hdrlen=20

Re: Static route tracking with BFD

On Wed, Jan 08, 2020 at 06:50:27AM +, Юрий Иванов wrote: > Strange but such construction leads to error: > 87 route 1.0.1.1/32 via 10.0.100.1 { > 88 bfd; > 89 }; > > bird> configure > Reading configuration from /etc/bird.conf > /etc/bird.conf:88:11 syntax error, un

Re: crash in ospf lsupd/dbdes (only if authentication enabled?)

On Wed, Jan 08, 2020 at 11:52:40AM +, Kenth Eriksson wrote: > We have seen a bird crash due to memory corruption. The call stacks > shows that it can happen at different locations, but they all seem to > come from that the packet size becomes larger than the socket tx buffer > size. > > Befo

crash in ospf lsupd/dbdes (only if authentication enabled?)

We have seen a bird crash due to memory corruption. The call stacks shows that it can happen at different locations, but they all seem to come from that the packet size becomes larger than the socket tx buffer size. Before the crash happens, the following trace can be observed in the log; 202