diff options
| -rw-r--r-- | sys/net/if_ethersubr.c | 5 | ||||
| -rw-r--r-- | sys/net/rtsock.c | 22 |
2 files changed, 24 insertions, 3 deletions
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 48295ae..13be403 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93 - * $Id: if_ethersubr.c,v 1.34 1997/03/24 11:33:11 bde Exp $ + * $Id: if_ethersubr.c,v 1.35 1997/05/10 10:01:31 jhay Exp $ */ #include <sys/param.h> @@ -792,6 +792,9 @@ ether_resolvemulti(ifp, llsa, sa) switch(sa->sa_family) { case AF_LINK: + /* + * No mapping needed. Just check that it's a valid MC address. + */ sdl = (struct sockaddr_dl *)sa; e_addr = LLADDR(sdl); if ((e_addr[0] & 1) != 1) diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index ae1a900..79149e5 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)rtsock.c 8.5 (Berkeley) 11/2/94 - * $Id: rtsock.c,v 1.26 1997/02/22 09:41:15 peter Exp $ + * $Id: rtsock.c,v 1.27 1997/04/27 20:01:00 wollman Exp $ */ @@ -506,6 +506,10 @@ rt_setmetrics(which, in, out) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) +/* + * Extract the addresses of the passed sockaddrs. + * Do a little sanity checking so as to avoid bad memory references. + */ static void rt_xaddrs(cp, cplim, rtinfo) register caddr_t cp, cplim; @@ -515,9 +519,23 @@ rt_xaddrs(cp, cplim, rtinfo) register int i; bzero(rtinfo->rti_info, sizeof(rtinfo->rti_info)); - for (i = 0; (i < RTAX_MAX) && (cp < cplim); i++) { + for (i = 0; i < RTAX_MAX; i++) { if ((rtinfo->rti_addrs & (1 << i)) == 0) continue; + /* + * It won't fit. Pretend it doesn't exist. + * Would return EINVAL if not void + */ + if ( (cp + sa->sa_len) > cplim ) + return; + /* + * there are no more.. quit now + * If there are more bits, they are in error. + * I've seen this. route(1) can evidently generate these. + * This causes kernel to core dump. + */ + if (sa->sa_len == 0) + return; rtinfo->rti_info[i] = sa = (struct sockaddr *)cp; ADVANCE(cp, sa); } |
