diff options
author | archie <archie@FreeBSD.org> | 1999-06-05 05:55:07 +0000 |
---|---|---|
committer | archie <archie@FreeBSD.org> | 1999-06-05 05:55:07 +0000 |
commit | 9cf3e817878a26fda221f78495625164f5fd020c (patch) | |
tree | 1354d71e88ec43727765e6112f1b550962ed43dc /usr.sbin/pppd/sys-bsd.c | |
parent | d7f89ddca7bda593e462c757e7236f7be265b7ba (diff) | |
download | FreeBSD-src-9cf3e817878a26fda221f78495625164f5fd020c.zip FreeBSD-src-9cf3e817878a26fda221f78495625164f5fd020c.tar.gz |
When incrementing through a SIOCGIFCONF list, enforce a lower limit of
sizeof(ifr->ifr_addr) for the variable length field ifr->ifr_addr.sa_len.
Otherwise the increment will be wrong in certain cases.
Obtained from: Whistle source tree
For the record: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> suggests
SIOCGIFCONF should be dropped in favor of a sysctl mechanism.
Diffstat (limited to 'usr.sbin/pppd/sys-bsd.c')
-rw-r--r-- | usr.sbin/pppd/sys-bsd.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/usr.sbin/pppd/sys-bsd.c b/usr.sbin/pppd/sys-bsd.c index 41ff444..32f3ae4 100644 --- a/usr.sbin/pppd/sys-bsd.c +++ b/usr.sbin/pppd/sys-bsd.c @@ -21,7 +21,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: sys-bsd.c,v 1.14 1998/06/20 18:02:16 peter Exp $"; +static char rcsid[] = "$Id: sys-bsd.c,v 1.15 1998/06/21 04:47:21 peter Exp $"; #endif /* $NetBSD: sys-bsd.c,v 1.1.1.3 1997/09/26 18:53:04 christos Exp $ */ @@ -1378,8 +1378,9 @@ get_ether_addr(ipaddr, hwaddr) * address on the same subnet as `ipaddr'. */ ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); - for (ifr = ifc.ifc_req; ifr < ifend; ifr = (struct ifreq *) - ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len)) { + for (ifr = ifc.ifc_req; ifr < ifend; + ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr)))) { if (ifr->ifr_addr.sa_family == AF_INET) { ina = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr; strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name)); @@ -1425,7 +1426,8 @@ get_ether_addr(ipaddr, hwaddr) BCOPY(dla, hwaddr, dla->sdl_len); return 1; } - ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len); + ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr))); } return 0; @@ -1468,8 +1470,9 @@ GetMask(addr) return mask; } ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); - for (ifr = ifc.ifc_req; ifr < ifend; ifr = (struct ifreq *) - ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len)) { + for (ifr = ifc.ifc_req; ifr < ifend; + ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr)))) { /* * Check the interface's internet address. */ |