ripd crashes:
ripd[26316]: RIPd 1.0.20160315-gentoo starting: vty@2602
zebra[26202]: client 13 says hello and bids fair to announce only rip routes
ripd[26316]: Received signal 11 at 1460154543 (si_addr 0x0, PC 0x40740f); aborting...
ripd[26316]: Backtrace for 12 stack frames:
ripd[26316]: /usr/lib64/libzebra.so.0(zlog_backtrace_sigsafe+0x48) [0x7fafea29ba4e]
ripd[26316]: /usr/lib64/libzebra.so.0(zlog_signal+0x32e) [0x7fafea29c1de]
ripd[26316]: /usr/lib64/libzebra.so.0(+0x3e383) [0x7fafea2a6383]
ripd[26316]: /lib64/libc.so.6(+0x33900) [0x7fafe9ef3900]
ripd[26316]: /usr/sbin/ripd() [0x40740f]
ripd[26316]: /usr/sbin/ripd() [0x4077b4]
ripd[26316]: /usr/sbin/ripd() [0x40799b]
ripd[26316]: /usr/sbin/ripd() [0x407c5b]
ripd[26316]: /usr/lib64/libzebra.so.0(thread_call+0x6b) [0x7fafea28f3f9]
ripd[26316]: /usr/sbin/ripd() [0x4047ff]
ripd[26316]: /lib64/libc.so.6(__libc_start_main+0x108) [0x7fafe9ee08a8]
ripd[26316]: /usr/sbin/ripd() [0x4048a9]
ripd[26316]: read rip_update scheduled from ripd.c:2887
zebra[26202]: client 13 disconnected. 0 rip routes removed from the rib
Still investigating. Maybe also a local error due to configuration.
Works: =quagga-0.99.23.1
No crashes.
Crashes on the newer ebuilds (up to latest):
getrusage(RUSAGE_SELF, {ru_utime={0, 16000}, ru_stime={0, 12000}, ...}) = 0
select(1024, [5 6 7 8 9], [], [], {0, 953356}) = 0 (Timeout)
getrusage(RUSAGE_SELF, {ru_utime={0, 16000}, ru_stime={0, 12000}, ...}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
Some memory map error.
Sent a message about that to the quagga mailing list.
Meanwhile a patch was provided:
I will test it as soon as possible. Probably today.
From Donald Sharp:
The rip_output_process function dereferenced a NULL pointer. Core file examination showed that tmp_rinfo was NULL on line 2435. Looking at the last diff associated with this commit, it was obvious that a formatting mistake had been made in the loop over the route nodes list of possible paths.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reported-by: Sebastian Kricner <sebastian.kricner@tuxwave.net>
--- ripd/ripd.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/ripd/ripd.c b/ripd/ripd.c index 82b1ada..0beb0e6 100644 --- a/ripd/ripd.c +++ b/ripd/ripd.c @@ -2429,12 +2429,14 @@ rip_output_process (struct connected *ifc, struct sockaddr_in *to, struct rip_info *tmp_rinfo = NULL; for (ALL_LIST_ELEMENTS_RO (list, listnode, tmp_rinfo)) - if (tmp_rinfo->type == ZEBRA_ROUTE_RIP && - tmp_rinfo->ifindex == ifc->ifp->ifindex) - rinfo->metric_out = RIP_METRIC_INFINITY; - if (tmp_rinfo->type == ZEBRA_ROUTE_CONNECT && - prefix_match((struct prefix *)p, ifc->address)) - rinfo->metric_out = RIP_METRIC_INFINITY; + { + if (tmp_rinfo->type == ZEBRA_ROUTE_RIP && + tmp_rinfo->ifindex == ifc->ifp->ifindex) + rinfo->metric_out = RIP_METRIC_INFINITY; + if (tmp_rinfo->type == ZEBRA_ROUTE_CONNECT && + prefix_match((struct prefix *)p, ifc->address)) + rinfo->metric_out = RIP_METRIC_INFINITY; + } } /* Prepare preamble, auth headers, if needs be */ -- 1.9.1
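Review bot: in the new braced loop body of rip_output_process, the two inner `if` statements still have unbraced bodies under two-line conditions, which is the layout that left the second test outside the `for` in the removed lines; bracing each `if` body as well would keep a later edit from repeating that. Both tests assign the same `rinfo->metric_out = RIP_METRIC_INFINITY`, so the loop could also `break` after the first match instead of walking the rest of the list.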
Also Donald Sharp could reproduce the error.
Created attachment 430018: New ebuild for quagga-1.0.20160315
Created attachment 430020: Quagga ripd patch for quagga-1.0.20160315-r1
Attached new ebuild and patch for quagga-1.0.20160315. Upstream may also release a new version.
Comment to gain notice for maintainer.
FIXED and TEST-REQUEST statuses are meant to apply to the portage tree, not the upstream issue. So, currently it's not fixed. But anyway, thanks for your work on delivering this issue to upstream, I will look at it soon...
commit ca6d97524c94cc87abce4d9b3281d6e6be646838
Author: Sergey Popov <pinkbyte@gentoo.org>
Date: Tue Apr 12 16:02:00 2016 +0300
net-misc/quagga: revision bump
Fix NULL pointer dereference in ripd
Committed straight to stable
Reported-by: Sebastian Kricner <sebastian.kricner@tuxwave.net>
Acked-by: Sergey Popov <pinkbyte@gentoo.org>
Gentoo-Bug: 579386
Package-Manager: portage-2.2.28
RepoMan-Options: --force