#14577: Segmentation fault in arptables
------------------------------+---------------------------------
Reporter: ronaldo             | Owner: developers
Type: defect                  | Status: new
Priority: response-needed     | Milestone: Chaos Calmer 15.05
Component: packages           | Version: Trunk
Resolution:                   | Keywords: arptables, firewall
------------------------------+---------------------------------
Comment (by glen@…):
This is an alignment problem.
The following patch changes the alignment of "struct in_addr" from 4 to 2.
trunk/target/linux/ar71xx/patches-4.1/910-unaligned_access_hacks.patch
{{{
/* Internet address. */
struct in_addr {
    __be32 s_addr;
} __attribute__((packed, aligned(2)));
}}}
As a result, the alignment of "struct arpt_arp" is also reduced to 2.
From the kernel perspective, sizeof(struct arpt_arp) = 162.
From the userspace perspective, sizeof(struct arpt_arp) = 164.
The kernel layout for "struct arpt_entry" is something like...
{{{
160 __u16 arp.invflags;
162 __u16 target_offset;
164 __u16 next_offset;
166 __u16 __padding__
}}}
The userspace layout for "struct arpt_entry" is something like...
{{{
160 __u16 arp.invflags;
162 __u16 __padding__
164 __u16 target_offset;
166 __u16 next_offset;
}}}
When arptables iterates over "struct arpt_entry" items, next_offset == 0
and the same entry is processed repeatedly until the segmentation fault is
triggered.
--
Ticket URL: <https://dev.openwrt.org/ticket/14577#comment:5>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
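
Added example, not part of the ticket and not code from arptables or the kernel: reduced C models of the two layouts that keep only the sizes and offsets quoted in the comment, showing that a userspace-layout read of kernel-layout entries sees next_offset == 0, and that a walk which validates next_offset fails closed instead of re-reading the same entry. The struct names, the `rest` and `comefrom` members, and both functions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reduced models (assumption): only the sizes and offsets quoted in the ticket are kept. */
struct in_addr_k { uint32_t s_addr; } __attribute__((packed, aligned(2))); /* patched kernel */
struct in_addr_u { uint32_t s_addr; };                                     /* userspace */
struct arp_k { struct in_addr_k src; uint8_t rest[156]; uint16_t invflags; };
struct arp_u { struct in_addr_u src; uint8_t rest[156]; uint16_t invflags; };
/* comefrom stands in for the 4-byte-aligned fields that follow next_offset. */
struct entry_k { struct arp_k arp; uint16_t target_offset, next_offset; uint32_t comefrom; };
struct entry_u { struct arp_u arp; uint16_t target_offset, next_offset; uint32_t comefrom; };
_Static_assert(sizeof(struct arp_k) == 162 && sizeof(struct arp_u) == 164, "arp sizes");
_Static_assert(offsetof(struct entry_k, next_offset) == 164 &&
               offsetof(struct entry_u, next_offset) == 166, "next_offset views");

/* Write n back-to-back entries using the kernel-side offsets; returns bytes used. */
size_t build_kernel_blob(uint8_t *buf, size_t n)
{
    uint16_t sz = sizeof(struct entry_k), offs[2] = { sz, sz }; /* target_offset, next_offset */
    memset(buf, 0, n * sz);
    for (size_t i = 0; i < n; i++)
        memcpy(buf + i * sz + offsetof(struct entry_k, target_offset), offs, sizeof offs);
    return n * sz;
}

/* Walk entries, reading next_offset at `field`; -1 on an offset that cannot advance. */
int walk(const uint8_t *buf, size_t len, size_t field, size_t entry_size)
{
    size_t off = 0, count = 0;
    uint16_t next;
    for (; off < len; off += next, count++) {
        if (len - off < entry_size)
            return -1;                  /* truncated entry */
        memcpy(&next, buf + off + field, sizeof next);
        if (next < entry_size || next > len - off)
            return -1;                  /* 0 would re-read the same entry forever */
    }
    return (int)count;
}

int main(void)
{
    static uint8_t buf[3 * sizeof(struct entry_k)];
    build_kernel_blob(buf, 3);
    int k = walk(buf, sizeof buf, offsetof(struct entry_k, next_offset), sizeof(struct entry_k));
    int u = walk(buf, sizeof buf, offsetof(struct entry_u, next_offset), sizeof(struct entry_u));
    printf("kernel view: %d entries, userspace view: %d\n", k, u);
    return 0;
}
```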