Bug 31045
| Summary: | routed dumps core | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Paul Herman <pherman> |
| Component: | bin | Assignee: | Bruce M Simpson <bms> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | 4.4-RELEASE | ||
| Hardware: | Any | ||
| OS: | Any | ||
Responsible Changed From-To: freebsd-bugs->ru Ruslan has been working on routed Responsible Changed From-To: ru->freebsd-bugs No he hasn't :-) Responsible Changed From-To: freebsd-bugs->bms I'm in hoover up network PRs mode. I'll look into this. State Changed From-To: open->feedback Have you tried to reproduce the failure case with a more recent version of FreeBSD, e.g. 4.9-RELEASE? State Changed From-To: feedback->closed Closed at submitter's request. |
my routed dumps core when I do an rtquery on it's xl1 interface. My /etc/gateways: if=xl1 no_rip no_rdisc if=xl0 pm_rdisc routed is started as "routed -s" to force it to act like a gateway. Here's the trace: 12:30:41{{ttyp0}root@arthur}/sbin//> gdb /sbin/routed /routed.core GNU gdb 4.18 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "alpha-unknown-freebsd"... Core was generated by `routed'. Program terminated with signal 11, Segmentation fault. #0 0x1200088bc in supply (dst=0x120079b40, ifp=0x0, type=OUT_QUERY, flash=0, vers=2, passwd_ok=0) at /usr/src/sbin/routed/output.c:767 767 if (supplier && (def_metric = ifp->int_d_metric) != 0) { (gdb) bt #0 0x1200088bc in supply (dst=0x120079b40, ifp=0x0, type=OUT_QUERY, flash=0, vers=2, passwd_ok=0) at /usr/src/sbin/routed/output.c:767 (gdb) print ifp $1 = (struct interface *) 0x0 (gdb) print *rt $2 = {rt_nodes = {{rn_mklist = 0x0, rn_p = 0x0, rn_b = 0, rn_bmask = 0 '\000', rn_flags = 0 '\000', rn_u = {rn_leaf = {rn_Key = 0x0, rn_Mask = 0x0, rn_Dupedkey = 0x0}, rn_node = {rn_Off = 0, rn_L = 0x0, rn_R = 0x0}}}, {rn_mklist = 0x0, rn_p = 0x0, rn_b = 0, rn_bmask = 0 '\000', rn_flags = 0 '\000', rn_u = {rn_leaf = { rn_Key = 0x0, rn_Mask = 0x0, rn_Dupedkey = 0x0}, rn_node = { rn_Off = 0, rn_L = 0x0, rn_R = 0x0}}}}, rt_state = 0, rt_dst_sock = { sin_len = 0 '\000', sin_family = 0 '\000', sin_port = 0, sin_addr = { s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, rt_mask = 0, rt_spares = {{rts_ifp = 0x0, rts_gate = 0, rts_router = 0, rts_metric = 0 '\000', rts_tag = 0, rts_time = 0, rts_de_ag = 0}, { rts_ifp = 0x0, rts_gate = 0, rts_router = 0, rts_metric = 0 '\000', rts_tag = 0, rts_time = 0, rts_de_ag = 0}, {rts_ifp = 0x0, rts_gate = 0, rts_router = 0, rts_metric = 0 '\000', rts_tag = 0, rts_time = 0, rts_de_ag = 0}, {rts_ifp = 0x0, rts_gate = 0, rts_router = 0, rts_metric = 0 '\000', rts_tag = 0, rts_time = 0, rts_de_ag = 0}}, rt_seqno = 0, rt_poison_metric = 0 '\000', rt_poison_time = 0} Seems like "rtfind(dst->sin_addr.s_addr)" fails in the beginning of supply() in output.c, and ifp is assigned a NULL pointer. Fix: I suppose have supply() do some bounds checking and then fail accordingly, but I don't even know what supply() does, so wouldn't know how to do that. Other configuration info available upon request. How-To-Repeat: Do same setup as described at the beginning of "Description:" and do an rtquery from an external host.