Fixing bogus classful routes on Android-2.1 (Cernko, Patrick)

I discovered a serious bug in Android-2.1 for mobile phones. The network stack adds classful routes for CLASS-A and CLASS-B networks. I did not verify if it does too for CLASS-C networks, but in almost all cases, this does not affect connectivity.

For CLASS-A and CLASS-B networks it is mostly fatal. Mostly those networks are sub-divided by their owners, e.g. Universities or Max Planck Institutes. Adding a direct route to the whole CLASS-A or CLASS-B net will mostly break network connectivity nearly completely because for example the local DNS servers are not reachable any more if they are in a different (CIDR) network of the owners net.

To solve this issue, I decided to write a small tool which must be installed on a (rooted) phone. The tool is a small program written in C. It reads out the system's network routes and tries to find thoses bogus classful routes. If it finds one, it tries to delete it.

The same algorithm could be coded with a shell script but I assume you won't succeed with it: To fix the error automatically, you have to hook the code into the DHCP client. As the client does not run as root on the phone, the shell code won't have success removing the route. That's why I use a binary, which I installed on the phone with the suid-root bit set: Although the DHCP client runs as non-root, the route-fix binary started by it's hook scripts will run as root.

The code is published under GNU General Public License.

• route-fix-0.1.tar.gz