[Olsr-dev] buffer overrun in olsrd_secure

ZioPRoTo (Saverio Proto) (spam-protected)
Wed Dec 1 14:21:39 CET 2010


I opened a ticket to keep track of your report

http://olsr.org/bugs/view.php?id=17

Saverio


2010/11/30 Dave Rivenburg <(spam-protected)>:
> As I do network development at home I can sometimes have several nodes on at
> the same time, and typically they can all see each other.  I don't know if
> that condition is required to reproduce the problem, but it is the
> environment in which I found it.  When 8 or more nodes are on, olsrd is
> frequently killed by the kernel on every node.  I am also using the watchdog
> plugin and a process which keeps an eye on it, so olsrd is restarted when
> this happens and I did not notice it for a while.
> In olsrd_secure.c there are 12 instances of this line:
> uint8_t checksum_cache[512 + KEYLENGTH];
> I found that in add_signature() the "[ENC]Adding signature for packet size
> %d" line would sometimes show a packet size larger than 512 bytes.  In fact
> I have seen them as large as 800 bytes.  I didn't know what a suitable size
> for the checksum_cache should be, but everywhere I changed the 512 to 1024
> and have not seen the problem since.
> For reference I am using olsrd 0.6.0 with these plugins: arprefresh,
> dot_draw, dyn_gw, httpinfo, nameservice, secure, txtinfo, and watchdog.
>  This is on a wrt54g running openwrt kamikaze 7.09.
> So, will the maximum packet size keep getting larger as more "universally
> visible" nodes come on line?  Will they ever exceed 1024 bytes?
> Or is there perhaps some other problem causing the packets to be larger than
> an actual intended limit of 512 bytes?
> Sorry I didn't catch this in time for 0.6.1, I didn't know it was coming...
> Thanks,
> DR
>
>
> --
> Olsr-dev mailing list
> (spam-protected)
> http://lists.olsr.org/mailman/listinfo/olsr-dev
>




More information about the Olsr-dev mailing list