summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbz <bz@FreeBSD.org>2016-02-07 22:53:03 +0000
committerbz <bz@FreeBSD.org>2016-02-07 22:53:03 +0000
commit6b0dbb3b46a79900978eaf6d04c03edb0c857e5b (patch)
tree6b1b784ea602712ddf2166163226674f1500dc3c
parentf97dd8fd40358fe1b7b39c278fdc20fbd9bacfe2 (diff)
downloadFreeBSD-src-6b0dbb3b46a79900978eaf6d04c03edb0c857e5b.zip
FreeBSD-src-6b0dbb3b46a79900978eaf6d04c03edb0c857e5b.tar.gz
MFC r295202:
Try to fix a bug introduced in r228623 (head). We started to copy the ifa_msghdr as otherwise platforms with strict alignment would break. It is unclear to me if there's also a problem with access to the address list following the structure. However we never copied the address list after the structure and thus are pointing at random memory. For now just use a pointer to the original memory for accessing the address list making it at least work on platforms with weak memory access. PR: 195445 Reported by: wolfgang lyxys.ka.sub.org Tested by: wolfgang lyxys.ka.sub.org (x86) Approved by: re (marius)
-rw-r--r--contrib/bsnmp/snmp_mibII/mibII.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/contrib/bsnmp/snmp_mibII/mibII.c b/contrib/bsnmp/snmp_mibII/mibII.c
index d3fe27a..e47f453 100644
--- a/contrib/bsnmp/snmp_mibII/mibII.c
+++ b/contrib/bsnmp/snmp_mibII/mibII.c
@@ -969,7 +969,7 @@ handle_rtmsg(struct rt_msghdr *rtm)
{
struct sockaddr *addrs[RTAX_MAX];
struct if_msghdr *ifm;
- struct ifa_msghdr ifam;
+ struct ifa_msghdr ifam, *ifamp;
struct ifma_msghdr *ifmam;
#ifdef RTM_IFANNOUNCE
struct if_announcemsghdr *ifan;
@@ -989,8 +989,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
switch (rtm->rtm_type) {
case RTM_NEWADDR:
- memcpy(&ifam, rtm, sizeof(ifam));
- mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
+ ifamp = (struct ifa_msghdr *)rtm;
+ memcpy(&ifam, ifamp, sizeof(ifam));
+ mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
if (addrs[RTAX_IFA] == NULL || addrs[RTAX_NETMASK] == NULL)
break;
@@ -1016,8 +1017,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
break;
case RTM_DELADDR:
- memcpy(&ifam, rtm, sizeof(ifam));
- mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
+ ifamp = (struct ifa_msghdr *)rtm;
+ memcpy(&ifam, ifamp, sizeof(ifam));
+ mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
if (addrs[RTAX_IFA] == NULL)
break;
OpenPOWER on IntegriCloud