diff options
| author | glebius <glebius@FreeBSD.org> | 2016-08-02 13:57:20 +0000 |
|---|---|---|
| committer | glebius <glebius@FreeBSD.org> | 2016-08-02 13:57:20 +0000 |
| commit | e59dbf9d991a8bccc8d2fd6f12677745e9e7873e (patch) | |
| tree | 2b7343a3b844eb21bfeb10ad6f8c3fcc9396d3c2 | |
| parent | 07c6b204dbd0fadea2627964d53153e605e07a51 (diff) | |
| download | FreeBSD-src-e59dbf9d991a8bccc8d2fd6f12677745e9e7873e.zip FreeBSD-src-e59dbf9d991a8bccc8d2fd6f12677745e9e7873e.tar.gz | |
Merge r303263:
Partially revert r257696/r257713, which have an issue with writing to user
controlled address. Restore the old code that emulated OSIOCGIFCONF in if.c.
Approved by: re (kib)
| -rw-r--r-- | sys/compat/svr4/svr4_sockio.c | 19 | ||||
| -rw-r--r-- | sys/net/if.c | 13 |
2 files changed, 18 insertions, 14 deletions
diff --git a/sys/compat/svr4/svr4_sockio.c b/sys/compat/svr4/svr4_sockio.c index 6e10e3f..9b7f994 100644 --- a/sys/compat/svr4/svr4_sockio.c +++ b/sys/compat/svr4/svr4_sockio.c @@ -73,6 +73,8 @@ bsd_to_svr4_flags(bf) return sf; } +#define OSIOCGIFCONF _IOWR('i', 20, struct ifconf) + int svr4_sock_ioctl(fp, td, retval, fd, cmd, data) struct file *fp; @@ -144,7 +146,6 @@ svr4_sock_ioctl(fp, td, retval, fd, cmd, data) case SVR4_SIOCGIFCONF: { struct svr4_ifconf sc; - struct ifconf *ifc; if ((error = copyin(data, &sc, sizeof(sc))) != 0) return error; @@ -153,19 +154,9 @@ svr4_sock_ioctl(fp, td, retval, fd, cmd, data) sizeof(struct ifreq), sizeof(struct svr4_ifreq), sc.svr4_ifc_len)); - ifc = (struct ifconf *)≻ - ifc->ifc_req->ifr_addr.sa_family = - sc.svr4_ifc_req->svr4_ifr_addr.sa_family; - ifc->ifc_req->ifr_addr.sa_len = - sizeof(struct osockaddr); - - error = fo_ioctl(fp, SIOCGIFCONF, &sc, td->td_ucred, - td); - - sc.svr4_ifc_req->svr4_ifr_addr.sa_family = - ifc->ifc_req->ifr_addr.sa_family; - - if (error != 0) + if ((error = fo_ioctl(fp, OSIOCGIFCONF, + (caddr_t) &sc, td->td_ucred, + td)) != 0) return error; DPRINTF(("SIOCGIFCONF\n")); diff --git a/sys/net/if.c b/sys/net/if.c index 0fd66c9..f0b11b3 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -2699,6 +2699,9 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td) return (error); } +/* COMPAT_SVR4 */ +#define OSIOCGIFCONF _IOWR('i', 20, struct ifconf) + #ifdef COMPAT_FREEBSD32 struct ifconf32 { int32_t ifc_len; @@ -2738,6 +2741,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct thread *td) switch (cmd) { case SIOCGIFCONF: + case OSIOCGIFCONF: /* COMPAT_SVR4 */ error = ifconf(cmd, data); CURVNET_RESTORE(); return (error); @@ -3009,6 +3013,15 @@ again: if (prison_if(curthread->td_ucred, sa) != 0) continue; addrs++; + /* COMPAT_SVR4 */ + if (cmd == OSIOCGIFCONF) { + struct osockaddr *osa = + (struct osockaddr *)&ifr.ifr_addr; + ifr.ifr_addr = *sa; + osa->sa_family = sa->sa_family; + sbuf_bcat(sb, &ifr, sizeof(ifr)); + max_len += sizeof(ifr); + } else if (sa->sa_len <= sizeof(*sa)) { ifr.ifr_addr = *sa; sbuf_bcat(sb, &ifr, sizeof(ifr)); |
