Currently the counter of tt_local_entry structures (tt_local_num) is incremented each time tt_local_reset_flags() is invoked, causing the node to send wrong TT_RESPONSE packets containing a copy of non-initialised memory, thus corrupting other nodes' global translation tables and making higher-level communication impossible.
Reported-by: Junkeun Song <jun361@gmail.com>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
Acked-by: Junkeun Song <jun361@gmail.com>
---
 translation-table.c | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/translation-table.c b/translation-table.c index 2d2cfc1..d4a3917 100644 --- a/translation-table.c +++ b/translation-table.c @@ -1727,6 +1727,8 @@ static void tt_local_reset_flags(struct bat_priv *bat_priv, uint16_t flags) rcu_read_lock(); hlist_for_each_entry_rcu(tt_local_entry, node, head, hash_entry) { + if (!(tt_local_entry->flags & flags)) + continue; tt_local_entry->flags &= ~flags; atomic_inc(&bat_priv->num_local_tt); }
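Review bot: the early `continue` before `tt_local_entry->flags &= ~flags;` fixes the counter by making `atomic_inc(&bat_priv->num_local_tt)` conditional on the entry actually carrying one of the requested bits, but the invariant it relies on (an entry with the flag set is not yet counted in num_local_tt, so clearing the flag is what adds it to the count) is only implied; a one-line comment above the check would make it harder to reintroduce the bug described in the commit message. Two smaller points: `flags` is used as a mask, so an entry with only some of the requested bits set is counted once and has all of them cleared, which is fine for callers passing a single flag but worth stating; and the commit message refers to the counter as `tt_local_num` while the code uses `num_local_tt`, so the message should use the real field name.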
On Sunday, October 16, 2011 18:53:37 Antonio Quartulli wrote:
> Currently the counter of tt_local_entry structures (tt_local_num) is incremented each time tt_local_reset_flags() is invoked, causing the node to send wrong TT_RESPONSE packets containing a copy of non-initialised memory, thus corrupting other nodes' global translation tables and making higher-level communication impossible.
Applied in revision d1b1d7c.
Thanks, Marek
b.a.t.m.a.n@lists.open-mesh.org