From: Jo-Philipp Wich
Date: Fri, 22 Jun 2012 01:40:20 +0000 (+0000)
Subject: [packages] olsrd: fix stack corruption in net_output()
X-Git-Url: http://git.openwrt.org/?p=feed%2Frouting.git;a=commitdiff_plain;h=dd6035cba3579869fb3a21fa3a81c49245e35154;hp=02e13f1b77a79fc0046c8b4b7ab8d3e1298538f7
[packages] olsrd: fix stack corruption in net_output()
git-svn-id: svn://svn.openwrt.org/openwrt/packages/net/olsrd@32484 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
diff --git a/Makefile b/Makefile
index 0aed70e..63c7fe4 100644
--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=olsrd
 PKG_VERSION:=0.6.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://www.olsr.org/releases/0.6
diff --git a/patches/100-olsrd-fix-stack-corruption-in-net_output.patch b/patches/100-olsrd-fix-stack-corruption-in-net_output.patch
new file mode 100644
index 0000000..77c2323
--- /dev/null
+++ b/patches/100-olsrd-fix-stack-corruption-in-net_output.patch
@@ -0,0 +1,52 @@
+From f4d250ad4fad5fcfe5b5feaac3f3e121adef3fba Mon Sep 17 00:00:00 2001
+From: Jo-Philipp Wich
+Date: Fri, 22 Jun 2012 03:17:59 +0200
+Subject: [PATCH] olsrd: fix stack corruption in net_output()
+
+The net_output() function indirectly uses the stack variables dst and dst6
+outside of the scope they're declared in, this might leads to olsr_sendto()
+being called with a corrupted destination sockaddr_in.
+
+This failure condition can be observed in the log, olsrd will continuosly
+print "sendto(v4): Invalid Argument" or a similar message. On ARM it has been
+reported to result in "Unsupported Address Family".
+
+This bug became apparant on a custon OpenWrt x86_64 uClibc target using the
+Linaro GCC 4.7-2012.04 compiler, it has been reported for an unspecified ARM
+target as well.
+
+The offending code seems to be unchanged since 2008 and it does not cause
+issues on 32bit systems and/or with older (Linaro) GCC versions, but the
+compiler used in our tests seems to perform more aggressive optimizations
+leading to a stack corruption.
+---
+ src/net_olsr.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/net_olsr.c
++++ b/src/net_olsr.c
+@@ -336,6 +336,8 @@ net_output(struct interface *ifp)
+ {
+ struct sockaddr_in *sin = NULL;
+ struct sockaddr_in6 *sin6 = NULL;
++ struct sockaddr_in dst;
++ struct sockaddr_in6 dst6;
+ struct ptf *tmp_ptf_list;
+ union olsr_packet *outmsg;
+ int retval;
+@@ -354,7 +356,6 @@ net_output(struct interface *ifp)
+ outmsg->v4.olsr_packlen = htons(ifp->netbuf.pending);
+
+ if (olsr_cnf->ip_version == AF_INET) {
+- struct sockaddr_in dst;
+ /* IP version 4 */
+ sin = (struct sockaddr_in *)&ifp->int_broadaddr;
+
+@@ -365,7 +366,6 @@ net_output(struct interface *ifp)
+ if (sin->sin_port == 0)
+ sin->sin_port = htons(olsr_cnf->olsrport);
+ } else {
+- struct sockaddr_in6 dst6;
+ /* IP version 6 */
+ sin6 = (struct sockaddr_in6 *)&ifp->int6_multaddr;
+ /* Copy sin */
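Review bot: The hoisted `dst` and `dst6` declarations at the top of net_output() carry no comment saying why they sit at function scope, so a later tidy-up could move them back into the if/else branches and reintroduce the dangling pointer. Going by the commit message, `sin`/`sin6` end up referring to these copies and are read after the branch has closed, which is undefined behaviour once the block-scope object's lifetime ends rather than a compiler fault. I would add `/* dst/dst6 must outlive the if/else below: sin/sin6 may point at them until olsr_sendto() returns */` directly above the two new declarations. The assignments to `sin`/`sin6` and the olsr_sendto() call lie outside the visible hunks, so confirm the wording against the full function. A test build with AddressSanitizer's stack-use-after-scope check would catch a regression of this kind.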
diff --git a/patches/900-force_copy_olsrd_conf_file.patch b/patches/900-force_copy_olsrd_conf_file.patch
index f1e4785..7b42670 100644
--- a/patches/900-force_copy_olsrd_conf_file.patch
+++ b/patches/900-force_copy_olsrd_conf_file.patch
@@ -1,6 +1,6 @@
---- a/Makefile 2010-06-14 11:27:58.000000000 +0200
-+++ b/Makefile 2010-06-14 11:28:44.000000000 +0200
-@@ -117,7 +117,7 @@
+--- a/Makefile
++++ b/Makefile
+@@ -128,7 +128,7 @@ install_olsrd: install_bin
 @echo can be found at files/olsrd.conf.default.lq
 @echo ==========================================================
 mkdir -p $(ETCDIR)