[OpenSER-Devel] [ openser-Bugs-1888101 ] Patch to bug in hash.c (permission module)

SourceForge.net noreply at sourceforge.net
Mon Jul 7 08:47:23 CEST 2008 

Bugs item #1888101, was opened at 2008-02-06 19:29
Message generated for change (Comment added) made by gcoriasco
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1888101&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver 1.3.x
Status: Closed
Resolution: Fixed
Priority: 5
Private: No
Submitted By: Giovanni Coriasco (gcoriasco)
Assigned to: Henning Westerholt (henningw)
Summary: Patch to bug in hash.c (permission module)

Initial Comment:
I'm running an Openser version 1.3.0 on a Linux machine.

I think I found a bug in the "permissions" module. The allow_address() and allow_source_address() operate properly only with /0, /8, /16, /24, /32 netmasks so far.

The problem is in the fact that a shift operator (<<) is used with addresses in network byte order.

In fact, an IP address A.B.C.D has the following form in network byte order:

ddddddddccccccccbbbbbbbbaaaaaaaa

where the aaa are the bits (in LITTLE endian format) of the byte A.

The problem with the shift operation is that the byte order is BIG endian, BUT each byte has a LITTLE endian order for its bits.

Instead, in host byte order, both bits and bytes have little endian format and you just have to invert the shift operation (<< to >> and >> to <<).

The patch I wrote converts the address to host byte order before shifting and convert back the result to network byte order.
 

----------------------------------------------------------------------

>Comment By: Giovanni Coriasco (gcoriasco)
Date: 2008-07-07 08:47

Message:
Logged In: YES 
user_id=2002223
Originator: YES

Ok!

Please let me know if it does work

Bye

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-07-04 18:09

Message:
Logged In: YES 
user_id=337916
Originator: NO

backported to 1.3

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-06-30 12:44

Message:
Logged In: YES 
user_id=337916
Originator: NO

I've applied the patch to the trunk and also added a small test case for
this bug (35.sh). I'll backport it to the 1.3 branch in a few days.

Thanks,

Henning

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-06-27 17:45

Message:
Logged In: YES 
user_id=337916
Originator: NO

I'll take a look.

Henning

----------------------------------------------------------------------

Comment By: Giovanni Coriasco (gcoriasco)
Date: 2008-06-26 15:07

Message:
Logged In: YES 
user_id=2002223
Originator: YES

Hi,

Yeah, I'm running the patch in production

Concerning bug 1925738, I don't think it is the same issue cause
allow_trusted operates only on single host addresses, not network
addresses, so that subnetwork information is not used. Otherwise, the bug I
think to have found relates to subnetwork address calculation.

Giovanni

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-06-26 14:56

Message:
Logged In: YES 
user_id=337916
Originator: NO

Hi,

i found also another bug, 1925738 that is perhaps related to this one. Do
you run this patch in production?

Henning

----------------------------------------------------------------------

Comment By: Giovanni Coriasco (gcoriasco)
Date: 2008-06-26 14:49

Message:
Logged In: YES 
user_id=2002223
Originator: YES

Hi Henning,
I'm using a virtual machine with i386 architecture, running on a Intel(R)
Xeon(TM) CPU 3.20GHz server. The OS is a Linux Slackware

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-06-26 13:44

Message:
Logged In: YES 
user_id=337916
Originator: NO

Hi Giovanni,

i looks that this bug is still not fixed. Do run OpenSER on a certain (not
that common) architecture? Otherwise i would think that more people would
run into this bug..

Cheers,

Henning

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-03-10 16:24

Message:
Logged In: YES 
user_id=1275325
Originator: NO

Hi Giovanni,

This looks like a bug, so I re-posting your message accordingly.

Thanks and Regards,
Bogdan 


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1888101&group_id=139143

More information about the Devel mailing list