Bug 218959 - routed closes socket 0 when /etc/gateways in use
Summary: routed closes socket 0 when /etc/gateways in use
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-net mailing list
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2017-04-29 21:37 UTC by Sprow
Modified: 2017-05-03 14:19 UTC (History)
0 users

See Also:


Attachments
Patch to parms.c (370 bytes, patch)
2017-04-29 21:37 UTC, Sprow
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sprow 2017-04-29 21:37:24 UTC
Created attachment 182180 [details]
Patch to parms.c

In the process of starting in main() routed gets 
  rt_sock = socket(AF_ROUTE, SOCK_RAW, 0);
which on my test system is the first socket to be opened, and hence rt_sock is 0.
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=314436#l309]

A little further down main() we call gwkludge(), which parses the /etc/gateways file and adds fake interfaces for passive networks. 
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=314436#l350]

Then, still in msin() we call ifinit() which looks through the interfaces known and turns on router discovery and RIP 
  if_ok_rdisc(ifp);
  rip_on(ifp);
[https://svnweb.freebsd.org/base/head/sbin/routed/if.c?annotate=314436#l1141]

In the rip_on() function for any interfaces that are having RIP turned on any query sockets are closed
  (void)close(ifp->int_rip_sock);
[https://svnweb.freebsd.org/base/head/sbin/routed/main.c?annotate=314436#l770]

The problem is that when the fake interface was created memset was used to clear the struct interface, but the member int_rip_sock is never initialised. Therefore, when the loop iterates over the interfaces to turn RIP on it finds a positive number (0) and closes the socket - inadvertantly closing the rt_sock by mistake.

Patch attached initialises that member to -1, an invalid socket number.