I had been experiencing routed(8) dumping core in about five minutes
after rebooting my box for several months. A string buffer in
rtm_type_name() of src/sbin/routed/table.c was overrun if the string
appropriate to the argument of rtm_type_name() was not found. The
router is a box running Solaris 2.6.
The following patch should fix this problem. With this patch routed(8)
in my box is running just fine for more than two days.
--- table.c.org Fri Sep 17 03:50:10 1999
+++ table.c Sat Mar 11 15:03:09 2000
@@ -617,6 +617,7 @@
}
+#define NAME0_LEN 14
static const char *
rtm_type_name(u_char type)
{
@@ -636,12 +637,12 @@
"RTM_DELADDR",
"RTM_IFINFO"
};
- static char name0[10];
+ static char name0[NAME0_LEN];
if (type > sizeof(rtm_types)/sizeof(rtm_types[0])
|| type == 0) {
- sprintf(name0, "RTM type %#x", type);
+ snprintf(name0, NAME0_LEN, "RTM type %#x", type);
return name0;
} else {
return rtm_types[type-1];
--
Seigo Tanimura <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
