The following commit has been merged in the master branch: commit a5331fbea6ce9cb975789d7f00e0f32aac510c1f Author: Marek Lindner lindner_marek@yahoo.de Date: Sat Feb 3 18:55:42 2007 +0100
fix heap corruption while sending vis packets
diff --git a/batman.c b/batman.c index bb69bdc..0371f4c 100644 --- a/batman.c +++ b/batman.c @@ -864,6 +864,8 @@ void send_outstanding_packets() {
debug_output( 4, "Forwarding packet (originator %s, seqno %d, TTL %d) on interface %s\n", orig_str, ((struct packet *)forw_node->pack_buff)->seqno, ((struct packet *)forw_node->pack_buff)->ttl, batman_if->dev );
+ ((struct packet *)forw_node->pack_buff)->seqno = htons( ((struct packet *)forw_node->pack_buff)->seqno ); /* change sequence number to network order */ + /* non-primary interfaces do not send hna information */ if ( ( forw_node->own ) && ( ((struct packet *)forw_node->pack_buff)->orig != ((struct batman_if *)if_list.next)->addr.sin_addr.s_addr ) ) {
diff --git a/linux.c b/linux.c index 71850c0..00b2b4a 100644 --- a/linux.c +++ b/linux.c @@ -112,7 +112,7 @@ int32_t get_forwarding(void) return state; }
-int8_t bind_to_iface( int32_t udp_recv_sock, char *dev ) { +int8_t bind_to_iface( int32_t sock, char *dev ) {
char *colon_ptr;
@@ -120,7 +120,7 @@ int8_t bind_to_iface( int32_t udp_recv_sock, char *dev ) { if ( ( colon_ptr = strchr( dev, ':' ) ) != NULL ) *colon_ptr = '\0';
- if ( setsockopt( udp_recv_sock, SOL_SOCKET, SO_BINDTODEVICE, dev, strlen ( dev ) + 1 ) < 0 ) { + if ( setsockopt( sock, SOL_SOCKET, SO_BINDTODEVICE, dev, strlen ( dev ) + 1 ) < 0 ) {
debug_output( 0, "Cannot bind socket to device %s : %s \n", dev, strerror(errno) ); return -1; diff --git a/os.h b/os.h index 11986c9..50d2332 100644 --- a/os.h +++ b/os.h @@ -38,7 +38,7 @@ int8_t receive_packet( unsigned char *packet_buff, int32_t packet_buff_len, int1
int8_t send_packet( unsigned char *packet_buff, int packet_buff_len, struct sockaddr_in *broad, int send_sock ); int32_t rand_num( int32_t limit ); -int8_t bind_to_iface( int32_t udp_recv_sock, char *dev ); +int8_t bind_to_iface( int32_t sock, char *dev ); int8_t probe_tun(); int8_t del_dev_tun( int32_t fd ); int8_t add_dev_tun( struct batman_if *batman_if, uint32_t dest_addr, char *tun_dev, size_t tun_dev_size, int32_t *fd ); diff --git a/posix-specific.c b/posix-specific.c index f2a365f..09e29cd 100644 --- a/posix-specific.c +++ b/posix-specific.c @@ -1353,8 +1353,6 @@ int8_t receive_packet( unsigned char *packet_buff, int32_t packet_buff_len, int1
int8_t send_packet( unsigned char *packet_buff, int32_t packet_buff_len, struct sockaddr_in *broad, int32_t send_sock ) {
- ((struct packet *)packet_buff)->seqno = htons( ((struct packet *)packet_buff)->seqno ); /* change sequence number to network order */ - if ( sendto( send_sock, packet_buff, packet_buff_len, 0, (struct sockaddr *)broad, sizeof(struct sockaddr_in) ) < 0 ) {
if ( errno == 1 ) {