[Olsr-dev] buffer overrun in olsrd_secure
Dave Rivenburg
(spam-protected)
Tue Nov 30 21:20:13 CET 2010
As I do network development at home I can sometimes have several nodes on at the
same time, and typically they can all see each other. I don't know if that
condition is required to reproduce the problem, but it is the environment in
which I found it. When 8 or more nodes are on, olsrd is frequently killed by
the kernel on every node. I am also using the watchdog plugin and a process
which keeps an eye on it, so olsrd is restarted when this happens and I did not
notice it for a while.
In olsrd_secure.c there are 12 instances of this line:
uint8_t checksum_cache[512 + KEYLENGTH];
I found that in add_signature() the "[ENC]Adding signature for packet size %d"
line would sometimes show a packet size larger than 512 bytes. In fact I have
seen them as large as 800 bytes. I didn't know what a suitable size for the
checksum_cache should be, but everywhere I changed the 512 to 1024 and have not
seen the problem since.
For reference I am using olsrd 0.6.0 with these plugins: arprefresh, dot_draw,
dyn_gw, httpinfo, nameservice, secure, txtinfo, and watchdog. This is on a
wrt54g running openwrt kamikaze 7.09.
So, will the maximum packet size keep getting larger as more "universally
visible" nodes come on line? Will they ever exceed 1024 bytes?
Or is there perhaps some other problem causing the packets to be larger than an
actual intended limit of 512 bytes?
Sorry I didn't catch this in time for 0.6.1, I didn't know it was coming...
Thanks,
DR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.olsr.org/pipermail/olsr-dev/attachments/20101130/1d4edaea/attachment.html>
More information about the Olsr-dev
mailing list