[Olsr-dev] dot_draw severe bug
Ignacio García Pérez
(spam-protected)
Fri Jul 20 14:35:56 CEST 2007
Hi,
Regarding my previously reported bug, I've boiled it down to the fact
that in olsrd_plugin.c:
*struct in_addr ipc_accept_ip*
Should be
*union olsr_in_addr ipc_accept_ip*
Plus some minor changes here and there to access the differently named
fields.
The bug is *severe*, because the set_plugin_ip_address function takes a
void * argument and casts it to olsr_in_addr, then copies a full
olsr_in_addr union, which is *bigger* than in_addr and overwrites memory
behind it.
It turns out that ipc_port is just behind it and is being corrupted by
set_plugin_ip_address.
I'm just amazed no one found this out. The quality of the 0.5 releases
is a bit disappointing.
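
An added illustration of the overrun described in this message (not code from olsrd or from the post): a setter that copies a full 16-byte address union through a void * into a 4-byte field clobbers the neighbouring ipc_port, while the union-typed field does not. The type definitions, the struct layout standing in for the plugin's adjacent globals, the function names and the port value 2004 are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins (assumptions, not olsrd headers): 4-byte IPv4 address, 16-byte union. */
struct in_addr_v4 { uint32_t s_addr; };
union olsr_in_addr { struct in_addr_v4 v4; uint8_t v6[16]; };

/* The plugin's adjacent globals, modelled as struct members so the overrun
 * stays inside one object and can be observed without undefined behaviour. */
struct buggy_state { struct in_addr_v4 ipc_accept_ip; int ipc_port; uint8_t slack[16]; };
struct fixed_state { union olsr_in_addr ipc_accept_ip; int ipc_port; };

/* Compile-time guard for the fix: the destination must hold a full union. */
_Static_assert(sizeof(((struct fixed_state *)0)->ipc_accept_ip) >=
               sizeof(union olsr_in_addr), "ipc_accept_ip too small");

/* Hypothetical model of the setter: untyped destination, full-union copy. */
static void model_set_plugin_ip_address(const union olsr_in_addr *value, void *data)
{
    memcpy(data, value, sizeof(union olsr_in_addr));
}

/* Returns ipc_port after setting the address in the undersized layout. */
int port_after_buggy_set(int port)
{
    struct buggy_state s = { {0}, port, {0} };
    union olsr_in_addr v;
    memset(&v, 0xAB, sizeof v);                      /* constructed address bytes */
    model_set_plugin_ip_address(&v, (unsigned char *)&s); /* offset 0 = ipc_accept_ip */
    return s.ipc_port;                               /* overwritten by bytes 4..7 */
}

/* Returns ipc_port after the same call with the union-typed field. */
int port_after_fixed_set(int port)
{
    struct fixed_state s = { {{0}}, port };
    union olsr_in_addr v;
    memset(&v, 0xAB, sizeof v);
    model_set_plugin_ip_address(&v, &s.ipc_accept_ip);
    return s.ipc_port;                               /* untouched */
}
int main(void)
{
    printf("buggy: ipc_port=%d, fixed: ipc_port=%d\n",
           port_after_buggy_set(2004), port_after_fixed_set(2004)); /* 2004: constructed */
    return 0;
}
```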