[Olsr-dev] buffer overrun in olsrd_secure

Dave Rivenburg (spam-protected)
Tue Nov 30 21:20:13 CET 2010


As I do network development at home I can sometimes have several nodes on at the 
same time, and typically they can all see each other.  I don't know if that 
condition is required to reproduce the problem, but it is the environment in 
which I found it.  When 8 or more nodes are on, olsrd is frequently killed by 
the kernel on every node.  I am also using the watchdog plugin and a process 
which keeps an eye on it, so olsrd is restarted when this happens and I did not 
notice it for a while.

In olsrd_secure.c there are 12 instances of this line:

uint8_t checksum_cache[512 + KEYLENGTH];

I found that in add_signature() the "[ENC]Adding signature for packet size %d" 
line would sometimes show a packet size larger than 512 bytes.  In fact I have 
seen them as large as 800 bytes.  I didn't know what a suitable size for the 
checksum_cache should be, but everywhere I changed the 512 to 1024 and have not 
seen the problem since.

For reference I am using olsrd 0.6.0 with these plugins: arprefresh, dot_draw, 
dyn_gw, httpinfo, nameservice, secure, txtinfo, and watchdog.  This is on a 
wrt54g running openwrt kamikaze 7.09.

So, will the maximum packet size keep getting larger as more "universally 
visible" nodes come on line?  Will they ever exceed 1024 bytes?

Or is there perhaps some other problem causing the packets to be larger than an 
actual intended limit of 512 bytes?

Sorry I didn't catch this in time for 0.6.1, I didn't know it was coming...

Thanks,
DR



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.olsr.org/pipermail/olsr-dev/attachments/20101130/1d4edaea/attachment.html>


More information about the Olsr-dev mailing list