Routing table name lookup failure

[Andrew Kraslavsky]

Hello,

I am using:
 
libnl version 3.0
Linux kernel version 2.6.35.12

I have encountered a problem where, if I call rtnl_route_read_table_names, subsequent calls to  rtnl_route_table2str return the ID as a hexadecimal string (e.g. "0xFE") instead of the name (e.g. "main") of the table. Sometimes, after calling rtnl_route_read_table_names my program will crash due to memory corruption. Please note that /etc/iproute2/rt_tables has not been modified.

Here's the call sequence:

if( rtnl_route_read_table_names( "/etc/iproute2/rt_tables" ) == 0 ){



    char buf[32];





    printf( "Name: %s\n",  rtnl_route_table2str( 254, buf, sizeof( buf ) ) );

}

The print statement should show "mainline" but instead shows "0xFE".

I think I have tracked the problem down to __trans_list_clear, which is called by rtnl_route_read_table_names to flush any existing table_names list entries before repopulating it based on the contents of the specified file.

in __trans_list_clear, all entries are freed but the list head's previous and next pointers are not reset so the list continues to hold references to freed memory.

I created and applied the patch listed below to address this and it seems to do the trick.  Please take a look at it and see if it will be of use.

==== //tps/libnl/3.0/mainline/src/lib/utils.c#3 .../src/lib/utils.c ====

@@ -854,16 +854,17 @@

 void __trans_list_clear(struct nl_list_head *head)

 {

        struct trans_list *tl, *next;

 

        nl_list_for_each_entry_safe(tl, next, head, list) {

                free(tl->a);

                free(tl);

        }

+       nl_init_list_head(head);

 }

Thank you,

- Andrew