Use-after-free in internAgeRoute #90
Comments
```c
static int removeRoute(struct RouteTable* croute) {
    ...
    // Free the memory, and set the route to NULL...
    free(croute);
    croute = NULL;
    logRouteTable("Remove route");
    return result;
}
```

And

```c
int internAgeRoute(struct RouteTable* croute) {
    ...
    // If the aging counter has reached zero, its time for updating...
    if(croute->ageValue == 0) {
        // Check for activity in the aging process,
        if(croute->ageActivity>0) {
            ...
        } else {
            ...
            // No activity was registered within the timelimit, so remove the route.
            removeRoute(croute);
        }
        // Tell that the route was updated...
        result = 1;
    }
    // The aging vif bits must be reset for each round...
    BIT_ZERO(croute->ageVifBits);
    return result;
}
```

So this is a clear bug.
On line 750 is: Lines 745 to 754 in 865a73c
And shift exponent is too large is probably because In log is also:
There seems to be a problem with routes getting dropped and then running through aging again. I can reproduce this reliably in a specific environment. Compiled with Clang and address sanitizer and undefined behavior sanitizer enabled.
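A hardened form of the `removeRoute` / `internAgeRoute` pattern quoted in the comments, as an added example that is not the project's code or its actual fix. The struct layout, the `BIT_ZERO` stand-in, `AGE_RESET`, the `*Fixed` names and the `ageOnce` helper are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in: only the fields the excerpt touches. */
struct RouteTable { uint32_t ageVifBits; int ageValue; int ageActivity; };
#define BIT_ZERO(x) ((x) = 0)   /* stand-in for the project's macro */
#define AGE_RESET 3             /* assumed value; the page elides this branch */

/* Takes the caller's pointer by address, so the NULL store is visible to the
 * caller. In the excerpt, `croute = NULL` only clears removeRoute's own copy. */
static int removeRouteFixed(struct RouteTable **croute) {
    free(*croute);
    *croute = NULL;
    return 1;
}

/* Returns 1 when the route was updated or removed. After a removal *croute
 * is NULL and the function returns before BIT_ZERO touches the entry. */
static int internAgeRouteFixed(struct RouteTable **croute) {
    struct RouteTable *r = *croute;
    int result = 0;
    if (r->ageValue == 0) {
        if (r->ageActivity > 0) {
            r->ageValue = AGE_RESET;      /* simplified keep-alive path */
            r->ageActivity = 0;
        } else {
            removeRouteFixed(croute);     /* entry is gone from here on */
            return 1;
        }
        result = 1;
    }
    BIT_ZERO(r->ageVifBits);              /* only reached for a live entry */
    return result;
}

/* Ages one constructed route. Returns 1 if it was removed and the caller's
 * pointer was cleared, 0 if it is still live with its vif bits reset. */
static int ageOnce(int ageValue, int ageActivity) {
    struct RouteTable *r = calloc(1, sizeof *r);
    if (!r) return -1;
    r->ageValue = ageValue; r->ageActivity = ageActivity; r->ageVifBits = 0x5;
    internAgeRouteFixed(&r);
    if (r == NULL) return 1;
    int cleared = (r->ageVifBits == 0);
    free(r);
    return cleared ? 0 : -2;
}

int main(void) { return ageOnce(0, 0) == 1 ? 0 : 1; }
```

Building this with `-fsanitize=address,undefined`, the configuration the report mentions, exercises the idle-route path without a read of freed memory.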