Package: radvd
Version: 1:1.7-1
Severity: minor
Tags: patch

The DNSSL parser uses uninitialized memory when examining the first
suffix:

Feb 27 02:28:51 tesla radvd[19705]: DNSSL suffix ะน#003#037#016#177.vault24.org 
received on br0 from fe80::221:85ff:fe1f:20f0 is not advertised by us

Attached is a patch that fixes this; it also changes the text of the
following log message to be more correct:

Feb 27 02:38:38 tesla radvd[19715]: Exiting, privsep_read_loop had readn error: 
Success


Minor because DNSSL isn't supported by much, so no one is likely to be
using it yet.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages radvd depends on:
ii  adduser                       3.112+nmu2 add and remove users and groups
ii  libc6                         2.11.2-11  Embedded GNU C Library: Shared lib

radvd recommends no packages.

radvd suggests no packages.

-- no debconf information
--- radvd-1.7.orig/radvdump.c
+++ radvd-1.7/radvdump.c
@@ -436,6 +436,7 @@
 			dnssl_info = (struct nd_opt_dnssl_info_local *) opt_str;
 
 			printf("\n\tDNSSL");
+			suffix[0] = '\0';
 
 			for (offset = 0;offset < (dnssl_info->nd_opt_dnssli_len-1)*8;) {
 				label_len = dnssl_info->nd_opt_dnssli_suffixes[offset++];
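Review bot: In radvdump.c the added `suffix[0] = '\0';` sits before the `for` loop, so it clears the buffer once per DNSSL option; the visible lines do not show whether `suffix` is also reset after each completed name inside the loop. That is worth confirming, since one option can carry several suffixes. A one-line comment saying why the buffer has to start empty would also keep the line from being removed later as redundant.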
--- radvd-1.7.orig/process.c
+++ radvd-1.7/process.c
@@ -414,6 +414,7 @@
 			break;
 		case ND_OPT_DNSSL_INFORMATION:
 			dnsslinfo = (struct nd_opt_dnssl_info_local *) opt_str;
+			suffix[0] = '\0';
 			for (offset = 0; offset < (dnsslinfo->nd_opt_dnssli_len-1)*8;) {
 				label_len = dnsslinfo->nd_opt_dnssli_suffixes[offset++];
 
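Review bot: The loop directly below the added line in process.c is bounded by `(dnsslinfo->nd_opt_dnssli_len-1)*8`, a value taken from the received option, and the visible lines show no check that the length field is at least 1 or that it stays within the bytes actually received. If that validation is not done earlier in the function, it would be worth adding alongside this fix. The same one-line initialization now appears in both radvdump.c and process.c, so a shared helper for walking the suffix list would keep the two copies from drifting apart.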
--- radvd-1.7.orig/privsep-linux.c
+++ radvd-1.7/privsep-linux.c
@@ -52,9 +52,13 @@
 		ret = readn(pfd, &cmd, sizeof(cmd));
 		if (ret <= 0) {
 			/* Error or EOF, give up */
+			if (ret < 0) {
+				flog(LOG_ERR, "Exiting, privsep_read_loop had readn error: %s\n",
+				     strerror(errno));
+			} else {
+				flog(LOG_ERR, "Exiting, privsep_read_loop had readn return 0 bytes\n");
+			}
 			close(pfd);
-			flog(LOG_ERR, "Exiting, privsep_read_loop had readn error: %s\n",
-			     strerror(errno));
 			_exit(0);
 		}
 		if (ret != sizeof(cmd)) {
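Review bot: In the new `else` branch of privsep-linux.c, a zero-byte read is logged at LOG_ERR although the existing comment treats it as EOF, which is what a reader sees when the other end of the descriptor is closed; consider a lower priority there and wording such as "readn returned 0 bytes (EOF)". Moving the `flog` call ahead of `close(pfd)` is the right order, since `close` can overwrite `errno`. This logging change is unrelated to the DNSSL fix and would be easier to review as a separate patch.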

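An added example, not radvd's code and not part of the original report: a bounds-checked walk over one DNSSL option (RFC 6106 layout) that starts every suffix from an empty buffer, which is the state the patch establishes for the first suffix. The function name, buffer size and sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define DNSSL_HDR 8     /* type, length, reserved (2), lifetime (4) */
#define SUFFIX_MAX 256

/* Constructed sample option: "example.com", "example.net", zero padding. */
static const uint8_t sample_opt[40] = {
	31, 5, 0, 0, 0, 0, 0, 60,
	7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0,
	7, 'e','x','a','m','p','l','e', 3, 'n','e','t', 0,
};

/* Copy the n-th (0-based) suffix of one DNSSL option into out (SUFFIX_MAX
 * bytes). Returns 0 on success, -1 if malformed or absent. Hypothetical helper. */
int dnssl_get_suffix(const uint8_t *opt, size_t avail, int n, char *out)
{
	if (avail < DNSSL_HDR || opt[1] < 1)
		return -1;
	size_t end = (size_t)opt[1] * 8;   /* length field is in 8-octet units */
	if (end > avail)
		return -1;                 /* claims more bytes than were received */
	size_t off = DNSSL_HDR, used = 0;
	int idx = 0;
	out[0] = '\0';                     /* first suffix starts from an empty string */
	while (off < end) {
		uint8_t label_len = opt[off++];
		if (label_len == 0) {      /* end of a suffix, or padding */
			if (used == 0)
				continue;
			if (idx++ == n)
				return 0;
			used = 0;
			out[0] = '\0';     /* reset before the next suffix */
			continue;
		}
		if (label_len > 63 || (size_t)label_len > end - off ||
		    used + label_len + 2 > SUFFIX_MAX)
			return -1;         /* label overruns the option or out */
		if (used > 0)
			out[used++] = '.';
		memcpy(out + used, opt + off, label_len);
		used += label_len;
		out[used] = '\0';
		off += label_len;
	}
	return -1;
}
```

Because `out` is cleared before any label is appended, the result does not depend on what the caller's buffer held beforehand.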