This comes from iproute-ss050901, rebuilt on FC4 with -fortify-source option. Seems like ip has a buffer overflow which sometimes causes a segfault..

will try to look at it tmrw, so far here's my gdb output.

$ gdb ip
GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) ip -6 route show dev eth1 via ::
Undefined command: "ip".  Try "help".
(gdb) set args -6 route show dev eth1 via ::
(gdb) run
Starting program: /sbin/ip -6 route show dev eth1 via ::
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xffffe000
2001:470:1f01:1867::/80 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
*** buffer overflow detected ***: /sbin/ip terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x945c45]
/sbin/ip[0x804f877]
/sbin/ip[0x806114c]
/sbin/ip[0x804e707]
/sbin/ip[0x8049579]
/sbin/ip[0x8049a90]
/lib/libc.so.6(__libc_start_main+0xdf)[0x87cd5f]
/sbin/ip[0x8049431]
======= Memory map: ========
0084a000-00864000 r-xp 00000000 fd:00 13828114   /lib/ld-2.3.5.so
00864000-00865000 r--p 00019000 fd:00 13828114   /lib/ld-2.3.5.so
00865000-00866000 rw-p 0001a000 fd:00 13828114   /lib/ld-2.3.5.so
00868000-0098b000 r-xp 00000000 fd:00 13828127   /lib/libc-2.3.5.so
0098b000-0098d000 r--p 00123000 fd:00 13828127   /lib/libc-2.3.5.so
0098d000-0098f000 rw-p 00125000 fd:00 13828127   /lib/libc-2.3.5.so
0098f000-00991000 rw-p 0098f000 00:00 0
009fc000-00a0b000 r-xp 00000000 fd:00 13828162   /lib/libresolv-2.3.5.so
00a0b000-00a0c000 r--p 0000e000 fd:00 13828162   /lib/libresolv-2.3.5.so
00a0c000-00a0d000 rw-p 0000f000 fd:00 13828162   /lib/libresolv-2.3.5.so
00a0d000-00a0f000 rw-p 00a0d000 00:00 0
00b68000-00b71000 r-xp 00000000 fd:00 13828190   /lib/libgcc_s-4.0.1-20050727.so.1
00b71000-00b72000 rw-p 00009000 fd:00 13828190   /lib/libgcc_s-4.0.1-20050727.so.1
08048000-0806b000 r-xp 00000000 fd:00 5996663    /sbin/ip
0806b000-0806e000 rw-p 00022000 fd:00 5996663    /sbin/ip
0806e000-0808f000 rw-p 0806e000 00:00 0          [heap]
b7f61000-b7f63000 rw-p b7f61000 00:00 0
b7f6a000-b7f6b000 rw-p b7f6a000 00:00 0
bfa55000-bfa6b000 rw-p bfa55000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]

Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0x00890118 in raise () from /lib/libc.so.6
#2  0x00891888 in abort () from /lib/libc.so.6
#3  0x008c522a in __libc_message () from /lib/libc.so.6
#4  0x00945c45 in __chk_fail () from /lib/libc.so.6
#5  0x0804f877 in print_route (who=0xbfa67028, n=0xbfa636ac, arg=0x98d5e0) at iproute.c:219
#6  0x0806114c in rtnl_dump_filter (rth=0x806dc40, filter=0x804f51a <print_route>, arg1=0x98d5e0, junk=0, arg2=0x0) at libnetlink.c:207
#7  0x0804e707 in iproute_list_or_flush (argc=Variable "argc" is not available.
) at iproute.c:1219
#8  0x08049579 in do_cmd (argv0=0xbfa69b34 "route", argc=6, argv=0xbfa6816c) at ip.c:84
#9  0x08049a90 in main (argc=7, argv=0xbfa68168) at ip.c:225
#10 0x0087cd5f in __libc_start_main () from /lib/libc.so.6
#11 0x08049431 in _start ()

-- 
Radek Vokál <rvokal@redhat.com>

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
This patch fixes the problem

--- iproute2-ss050901/ip/iproute.c~	2005-09-01 14:21:50.000000000 -0500
+++ iproute2-ss050901/ip/iproute.c	2005-10-06 21:30:36.000000000 -0500
@@ -216,13 +216,13 @@ int print_route(const struct sockaddr_nl
 		memset(&via, 0, sizeof(via));
 		via.family = r->rtm_family;
 		if (tb[RTA_GATEWAY])
-			memcpy(&via.data, RTA_DATA(tb[RTA_GATEWAY]), host_len);
+			memcpy(&via.data, RTA_DATA(tb[RTA_GATEWAY]), host_len/8);
 	}
 	if (filter.rprefsrc.bitlen>0) {
 		memset(&prefsrc, 0, sizeof(prefsrc));
 		prefsrc.family = r->rtm_family;
 		if (tb[RTA_PREFSRC])
-			memcpy(&prefsrc.data, RTA_DATA(tb[RTA_PREFSRC]), host_len);
+			memcpy(&prefsrc.data, RTA_DATA(tb[RTA_PREFSRC]), host_len/8);
 	}
 	if (filter.rdst.family && inet_addr_match(&dst, &filter.rdst, filter.rdst.bitlen))

host_len should be divided by 8, as its unit is bits, whereas memcpy uses bytes.

On Thu, 2005-10-06 at 15:37 +0200, Radek Vokál wrote:
> This comes from iproute-ss050901, rebuilt on FC4 with -fortify-source
> option. Seems like ip has a buffer overflow which sometimes causes a
> segfault..
>
> will try to look at it tmrw, so far here's my gdb output.

-- 
Radek Vokál <rvokal@redhat.com>
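Review bot: both memcpy calls in the hunk still copy an unconditional host_len/8 bytes out of the netlink attribute without checking that the attribute is actually that long; bound the length by the attribute payload as well, e.g. refuse the route (or copy only RTA_PAYLOAD(tb[RTA_GATEWAY]) bytes) when RTA_PAYLOAD(tb[RTA_GATEWAY]) < host_len/8, and likewise for tb[RTA_PREFSRC], so a short or malformed attribute from the kernel cannot be read past its end. The bits-versus-bytes confusion itself matches the backtrace in the report: frame #5 is print_route at iproute.c:219, the first memcpy in this hunk, and for an IPv6 route host_len is 128, so the pre-patch code asked memcpy for 128 bytes into via.data, which is what FORTIFY's __chk_fail aborted on. Since host_len/8 is the length in both places, a single local such as `int host_bytes = host_len/8;` above the first hunk would make the unit explicit and keep the two calls from drifting apart.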
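The following is an added example, not code from this thread or from iproute2, that models the two things the thread shows: why passing host_len (a bit count) to memcpy overruns the destination, and how a -D_FORTIFY_SOURCE build turns that into the __chk_fail abort in the backtrace. The struct prefix layout and field names, the AF_INET_/AF_INET6_ constants, checked_memcpy (standing in for glibc's __memcpy_chk), the copy_gateway helper and the 16-byte sample_v6_gw payload are all assumptions constructed for the example. safe_copy_len also applies the payload bound the patch itself does not add.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Address family numbers as Linux defines them (assumed here, not from the thread). */
#define AF_INET_  2
#define AF_INET6_ 10

/* Minimal stand-in for iproute2's inet_prefix; field names and sizes are
 * assumptions for this example. data holds one IPv6 address (16 bytes). */
struct prefix {
    uint8_t  family;
    uint8_t  bytelen;
    int16_t  bitlen;
    uint32_t data[4];
};

/* host_len as print_route derives it from rtm_family: address width in BITS. */
static int host_len_bits(uint8_t family)
{
    return family == AF_INET6_ ? 128 : 32;
}

/* What -D_FORTIFY_SOURCE rewrites memcpy() into: a copy that also knows the
 * size of the destination object. glibc's __memcpy_chk calls __chk_fail() and
 * aborts when n > dst_size; this stand-in returns false so it can be tested. */
static bool checked_memcpy(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (n > dst_size)
        return false;
    memcpy(dst, src, n);
    return true;
}

/* Pre-patch length: host_len handed straight to memcpy, i.e. bits used as bytes. */
size_t buggy_copy_len(uint8_t family, size_t payload_len)
{
    (void)payload_len;              /* the original code never consulted it */
    return (size_t)host_len_bits(family);
}

/* Patched length (host_len/8), plus the bound the patch does not add: never
 * copy more than the netlink attribute actually carries (RTA_PAYLOAD). */
size_t safe_copy_len(uint8_t family, size_t payload_len)
{
    size_t n = (size_t)host_len_bits(family) / 8;
    if (n > payload_len)
        n = payload_len;
    return n;
}

/* Copies an RTA_GATEWAY-style payload into dst. Returns false when the copy
 * would overrun dst->data, the condition FORTIFY turns into an abort. */
bool copy_gateway(struct prefix *dst, uint8_t family,
                  const uint8_t *payload, size_t payload_len, bool use_fix)
{
    size_t n = use_fix ? safe_copy_len(family, payload_len)
                       : buggy_copy_len(family, payload_len);

    memset(dst, 0, sizeof *dst);
    dst->family = family;
    if (!checked_memcpy(dst->data, sizeof dst->data, payload, n))
        return false;
    dst->bytelen = (uint8_t)n;
    dst->bitlen  = (int16_t)(n * 8);
    return true;
}

/* Constructed 16-byte gateway payload, laid out as a kernel RTA_GATEWAY would be. */
static const uint8_t sample_v6_gw[16] = {
    0x20, 0x01, 0x04, 0x70, 0x1f, 0x01, 0x18, 0x67,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};

int main(void)
{
    struct prefix via;
    /* pre-patch: memcpy(&via.data, ..., 128) into a 16-byte field -> FORTIFY abort */
    bool before = copy_gateway(&via, AF_INET6_, sample_v6_gw, sizeof sample_v6_gw, false);
    /* post-patch: 128/8 = 16 bytes, which fits exactly */
    bool after  = copy_gateway(&via, AF_INET6_, sample_v6_gw, sizeof sample_v6_gw, true);
    return (!before && after) ? 0 : 1;
}
```

The IPv4 case is worth running too: host_len is 32 there, so the pre-patch code asked for 32 bytes, twice an IPv6 address, and the same check trips; after the patch the copy is 4 bytes. Passing a payload shorter than host_len/8 to safe_copy_len shows the extra bound in action: the copy shrinks to the payload size instead of reading beyond the attribute.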