|Summary:|routed closes socket 0 when /etc/gateways in use|
|Product:|Base System|
|Reporter:|Sprow <webpages>|
|Component:|bin|
|Assignee:|freebsd-net (Nobody) <net>|
|Severity:|Affects Only Me|
|Keywords:|patch|
Description Sprow 2017-04-29 21:37:24 UTC
Created attachment 182180: Patch to parms.c

In the process of starting, in main(), routed gets

    rt_sock = socket(AF_ROUTE, SOCK_RAW, 0);

which on my test system is the first socket to be opened, and hence rt_sock is 0.
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=314436#l309]

A little further down main() we call gwkludge(), which parses the /etc/gateways file and adds fake interfaces for passive networks.
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=314436#l350]

Then, still in main(), we call ifinit(), which looks through the known interfaces and turns on router discovery and RIP

    if_ok_rdisc(ifp);
    rip_on(ifp);

[https://svnweb.freebsd.org/base/head/sbin/routed/if.c?annotate=314436#l1141]

In the rip_on() function, for any interfaces that are having RIP turned on, any query sockets are closed

    (void)close(ifp->int_rip_sock);

[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=314436#l770]

The problem is that when the fake interface was created, memset was used to clear the struct interface, but the member int_rip_sock is never initialised. Therefore, when the loop iterates over the interfaces to turn RIP on, it finds a positive number (0) and closes the socket - inadvertently closing the rt_sock by mistake.

The attached patch initialises that member to -1, an invalid socket number.
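The failure described in this report can be reproduced in isolation. The following is an added example, not code from routed or from the attached patch: `struct fake_iface`, `rip_on_close()` and `rt_sock_survives()` are hypothetical names, the `>= 0` guard is assumed from the description above, and an AF_UNIX datagram socket stands in for the AF_ROUTE socket so that it runs unprivileged.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for routed's struct interface. */
struct fake_iface {
    int int_rip_sock;           /* RIP query socket; -1 means "none" */
};

/* Guard assumed from the report: any descriptor >= 0 is treated as open. */
static void rip_on_close(struct fake_iface *ifp)
{
    if (ifp->int_rip_sock >= 0) {
        (void)close(ifp->int_rip_sock);
        ifp->int_rip_sock = -1;
    }
}

/* 1: socket on descriptor 0 survived, 0: it was closed, -1: setup failed. */
int rt_sock_survives(int apply_fix)
{
    struct fake_iface ifp;
    int saved = dup(0), rt_sock, alive = -1;    /* saved: caller's stdin */

    (void)close(0);             /* make 0 the lowest free descriptor */
    rt_sock = socket(AF_UNIX, SOCK_DGRAM, 0);   /* stand-in for AF_ROUTE */
    if (rt_sock == 0) {
        memset(&ifp, 0, sizeof(ifp));   /* how the fake interface is cleared */
        if (apply_fix)
            ifp.int_rip_sock = -1;      /* the patch: mark "no socket" */
        rip_on_close(&ifp);
        alive = fcntl(0, F_GETFD) != -1;
    }
    if (alive != 0 && rt_sock >= 0)
        (void)close(rt_sock);           /* not already closed by the bug */
    if (saved >= 0) {
        (void)dup2(saved, 0);           /* restore stdin */
        (void)close(saved);
    }
    return alive;
}

int main(void)
{
    printf("memset only: %d, -1 init: %d\n", rt_sock_survives(0), rt_sock_survives(1));
    return 0;
}
```

Any structure that stores a file descriptor has the same hazard when it is zero-filled, because 0 is a valid descriptor; the sentinel has to be set explicitly after the clear.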