Segmentation fault caused by malformed BGP packet

Ondrej Zajicek santiago at crfreenet.org
Tue May 31 02:00:53 CEST 2011


On Mon, May 30, 2011 at 05:45:20PM +0200, Ivo Smits wrote:
> After running into trouble with bird 1.2.3 trying to display 32 bit AS  
> numbers (show route all resulted in a segmentation fault), we decided to  
> upgrade to 1.3.1. Unfortunately 1.3.1 crashed even sooner than 1.2.3.  
> One of the logs looks like this:
>   bird: UFO_4_0_bgp > added 1.0.49.0/24 via 1.82.98.2 on ppp-UFO_4-0
>   Segmentation fault
>
> Disabling this peer fixed the crashes, enabling the peer brought them  
> back. After some investigation, it turned out that this BGP peer sends  
> an ORIGIN attribute even with BGP packets that only withdraw a route;  
> bird does not do this. Changing the peer's sourcecode to not send the  
> ORIGIN attribute for withdrawn routes, fixed the crashes in bird.

Thanks for the bugreport. Could you try the attached patch?
(But this bug is even in 1.2.3, not sure why it didn't show before.)

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_missing_attr.patch
Type: text/x-diff
Size: 393 bytes
Desc: not available
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20110531/1746d97f/attachment-0001.patch>


More information about the Bird-users mailing list