When incrementing through a SIOCGIFCONF list, enforce a lower limit of

sizeof(ifr->ifr_addr) for the variable length field ifr->ifr_addr.sa_len. Otherwise the increment will be wrong in certain cases. Obtained from: Whistle source tree For the record: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> suggests SIOCGIFCONF should be dropped in favor of a sysctl mechanism.
1999-06-05 05:55:07 +00:00 · 1999-06-05 05:55:07 +00:00 · eed2b804bf
parent 3816c56cc1
commit eed2b804bf
3 changed files with 15 additions and 9 deletions
--- a/sbin/natd/natd.c
+++ b/sbin/natd/natd.c
@ -9,7 +9,7 @@
 *
 * Ari Suutari <suutari@iki.fi>
 *
- *	$Id: natd.c,v 1.16 1999/05/13 16:58:31 brian Exp $
+ *	$Id: natd.c,v 1.17 1999/05/13 17:09:44 brian Exp $
 */

 #define SYSLOG_NAMES
@ -762,6 +762,8 @@ static void SetAliasAddressFromIfName (char* ifn)
 		}

 		extra = ifPtr->ifr_addr.sa_len - sizeof (struct sockaddr);
+		if (extra < 0)
+			extra = 0;

 		ifPtr++;
 		ifPtr = (struct ifreq*) ((char*) ifPtr + extra);
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)route.c	8.3 (Berkeley) 3/19/94";
 #endif
 static const char rcsid[] =
-	"$Id: route.c,v 1.29 1998/07/28 06:25:35 charnier Exp $";
+	"$Id: route.c,v 1.30 1999/06/01 13:14:07 ru Exp $";
 #endif /* not lint */

 #include <sys/param.h>
@ -794,7 +794,8 @@ getaddr(which, s, hpp)
 				(ifconf.ifc_buf + ifconf.ifc_len);
 			    ifr < ifr_end;
 			    ifr = (struct ifreq *) ((char *) &ifr->ifr_addr
-						    + ifr->ifr_addr.sa_len)) {
+				    + MAX(ifr->ifr_addr.sa_len,
+					sizeof(ifr->ifr_addr)))) {
 				dl = (struct sockaddr_dl *)&ifr->ifr_addr;
 				if (ifr->ifr_addr.sa_family == AF_LINK
 				    && (ifr->ifr_flags & IFF_POINTOPOINT)
--- a/usr.sbin/pppd/sys-bsd.c
+++ b/usr.sbin/pppd/sys-bsd.c
@ -21,7 +21,7 @@
 */

 #ifndef lint
-static char rcsid[] = "$Id: sys-bsd.c,v 1.14 1998/06/20 18:02:16 peter Exp $";
+static char rcsid[] = "$Id: sys-bsd.c,v 1.15 1998/06/21 04:47:21 peter Exp $";
 #endif
 /*	$NetBSD: sys-bsd.c,v 1.1.1.3 1997/09/26 18:53:04 christos Exp $	*/

@ -1378,8 +1378,9 @@ get_ether_addr(ipaddr, hwaddr)
     * address on the same subnet as `ipaddr'.
     */
    ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len);
-    for (ifr = ifc.ifc_req; ifr < ifend; ifr = (struct ifreq *)
-	 	((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len)) {
+    for (ifr = ifc.ifc_req; ifr < ifend;
+		ifr = (struct ifreq *) ((char *)&ifr->ifr_addr
+		    + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr)))) {
 	if (ifr->ifr_addr.sa_family == AF_INET) {
 	    ina = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr;
 	    strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name));
@ -1425,7 +1426,8 @@ get_ether_addr(ipaddr, hwaddr)
 	    BCOPY(dla, hwaddr, dla->sdl_len);
 	    return 1;
 	}
-	ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len);
+	ifr = (struct ifreq *) ((char *)&ifr->ifr_addr
+	    + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr)));
    }

    return 0;
@ -1468,8 +1470,9 @@ GetMask(addr)
 	return mask;
    }
    ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len);
-    for (ifr = ifc.ifc_req; ifr < ifend; ifr = (struct ifreq *)
-	 	((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len)) {
+    for (ifr = ifc.ifc_req; ifr < ifend;
+		ifr = (struct ifreq *) ((char *)&ifr->ifr_addr
+		    + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr)))) {
 	/*
 	 * Check the interface's internet address.
 	 */