a1b4a274d4
netns_map_add() does a malloc of (sizeof (struct nsid_cache) + strlen(name)) and then proceed with strcpy() of name into the zero-length member at the end of the nsid_cache structure. The nul-terminator is written outside of the allocated memory and may overwrite the allocator's internal structure. This can trigger a segmentation fault on i386 uclibc with names of size 8: after the corruption occurs, the call to closedir() on netns_map_init() crashes while freeing the DIR structure. Here is the relevant valgrind output: ==1251== Memcheck, a memory error detector ==1251== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==1251== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==1251== Command: ./ip netns ==1251== ==1251== Invalid write of size 1 ==1251== at 0x4011975: strcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==1251== by 0x8058B00: netns_map_add (ipnetns.c:181) ==1251== by 0x8058E2A: netns_map_init (ipnetns.c:226) ==1251== by 0x8058E79: do_netns (ipnetns.c:776) ==1251== by 0x804D9FF: do_cmd (ip.c:110) ==1251== by 0x804D814: main (ip.c:300) |
||
|---|---|---|
| bridge | ||
| doc | ||
| etc/iproute2 | ||
| examples | ||
| genl | ||
| include | ||
| ip | ||
| lib | ||
| man | ||
| misc | ||
| netem | ||
| tc | ||
| testsuite | ||
| tipc | ||
| .gitignore | ||
| COPYING | ||
| Makefile | ||
| README | ||
| README.decnet | ||
| README.devel | ||
| README.distribution | ||
| README.iproute2+tc | ||
| README.lnstat | ||
| configure | ||
README
This is a set of utilities for Linux networking.
Information:
http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
Download:
http://www.kernel.org/pub/linux/utils/net/iproute2/
Repository:
git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
How to compile this.
--------------------
1. libdbm
arpd needs to have the db4 development libraries. For Debian
users this is the package with a name like libdb4.x-dev.
DBM_INCLUDE points to the directory with db_185.h which
is the include file used by arpd to get to the old format Berkeley
database routines. Often this is in the db-devel package.
2. make
The makefile will automatically build a Config file which
contains whether or not ATM is available, etc.
3. To make documentation, cd to doc/ directory , then
look at start of Makefile and set correct values for
PAGESIZE=a4 , ie: a4 , letter ... (string)
PAGESPERPAGE=2 , ie: 1 , 2 ... (numeric)
and make there. It assumes, that latex, dvips and psnup
are in your path.
4. This package includes matching sanitized kernel headers because
the build environment may not have up to date versions. See Makefile
if you have special requirements and need to point at different
kernel include files.
Stephen Hemminger
stephen@networkplumber.org
Alexey Kuznetsov
kuznet@ms2.inr.ac.ru