diff options
author | phk <phk@FreeBSD.org> | 1998-04-22 06:54:31 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 1998-04-22 06:54:31 +0000 |
commit | d11d4df3a2ffd76685a2c2dc1451bfa6dbdf9aa3 (patch) | |
tree | e1de9406f748e8d6b12d039f759269f8d6e36b9b /usr.bin | |
parent | bd583b94c40db2b1c0c0274376aae4966b6d97aa (diff) | |
download | FreeBSD-src-d11d4df3a2ffd76685a2c2dc1451bfa6dbdf9aa3.zip FreeBSD-src-d11d4df3a2ffd76685a2c2dc1451bfa6dbdf9aa3.tar.gz |
netstat truncates info in sockaddr* between kgetsa and p_sockaddr
by dereferencing pointer to smaller structure
PR: 5256
Reviewed by: phk
Submitted by: Gregory D. Moncreaff <moncrg@bt340707.res.ray.com>
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/netstat/route.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/usr.bin/netstat/route.c b/usr.bin/netstat/route.c index 18e39c3..fd76978 100644 --- a/usr.bin/netstat/route.c +++ b/usr.bin/netstat/route.c @@ -36,7 +36,7 @@ static char sccsid[] = "From: @(#)route.c 8.6 (Berkeley) 4/28/95"; #endif static const char rcsid[] = - "$Id: route.c,v 1.28 1997/07/29 06:51:41 charnier Exp $"; + "$Id: route.c,v 1.29 1998/04/19 18:18:25 phk Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -99,10 +99,12 @@ struct bits { { 0 } }; -static union { +typedef union { struct sockaddr u_sa; u_short u_data[128]; -} pt_u; +} sa_u; + +static sa_u pt_u; int do_rtent = 0; struct rtentry rtentry; @@ -510,7 +512,7 @@ p_rtentry(rt) static char name[16]; static char prettyname[9]; struct sockaddr *sa; - struct sockaddr addr, mask; + sa_u addr, mask; /* * Don't print protocol-cloned routes unless -a. @@ -518,14 +520,14 @@ p_rtentry(rt) if (rt->rt_parent && !aflag) return; - if (!(sa = kgetsa(rt_key(rt)))) - bzero(&addr, sizeof addr); - else - addr = *sa; - if (!rt_mask(rt) || !(sa = kgetsa(rt_mask(rt)))) - bzero(&mask, sizeof mask); - else - mask = *sa; + bzero(&addr, sizeof addr); + if ((sa = kgetsa(rt_key(rt)))) + bcopy(sa,&addr,sa->sa_len); + + bzero(&mask, sizeof mask); + if (rt_mask(rt) && (sa = kgetsa(rt_mask(rt)))) + bcopy(sa,&mask,sa->sa_len); + p_sockaddr(&addr, &mask, rt->rt_flags, WID_DST); p_sockaddr(kgetsa(rt->rt_gateway), NULL, RTF_HOST, WID_GW); p_flags(rt->rt_flags, "%-6.6s "); |