Date: Tue, 11 Apr 2000 18:33:49 -0700 (PDT) From: msmith@netapp.com To: freebsd-gnats-submit@FreeBSD.org Subject: bin/17939: routed calls ntohs twice on the same field Message-ID: <200004120133.SAA65648@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 17939
>Category: bin
>Synopsis: routed calls ntohs twice on the same field
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 11 18:40:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Mark Smith
>Release: 3.4
>Organization:
Network Appliance
>Environment:
>Description:
In sbin/routed/rdisc.c, parse_ad() is called as follows:
parse_ad(from.sin_addr.s_addr,
wp[0], wp[1],
ntohs(p->ad.icmp_ad_life),
ifp);
Thus, when we are in parse_ad() the 4th arg (life) is already in
host order. Down at the bottom of parse_ad() we have this:
new_drp->dr_life = ntohs(life);
It looks to me like this call to ntohs() ends up converting it
back to network order. This causes routed to use the wrong value
when it uses dr_life elsewhere.
>How-To-Repeat:
This was found by code inspection. The default value for life is
1800 which is 2055 when byte swapped so most people probably never
noticed.
>Fix:
Don't call ntohs() in parse_ad().
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200004120133.SAA65648>