Diffstat (limited to 'sys/net/rtsock.c')
-rw-r--r-- | sys/net/rtsock.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index ae1a900..79149e5 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * @(#)rtsock.c 8.5 (Berkeley) 11/2/94
- * $Id: rtsock.c,v 1.26 1997/02/22 09:41:15 peter Exp $
+ * $Id: rtsock.c,v 1.27 1997/04/27 20:01:00 wollman Exp $
 */
@@ -506,6 +506,10 @@ rt_setmetrics(which, in, out)
 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
+/*
+ * Extract the addresses of the passed sockaddrs.
+ * Do a little sanity checking so as to avoid bad memory references.
+ */
 static void
 rt_xaddrs(cp, cplim, rtinfo)
 register caddr_t cp, cplim;
@@ -515,9 +519,23 @@ rt_xaddrs(cp, cplim, rtinfo)
 register int i;
 bzero(rtinfo->rti_info, sizeof(rtinfo->rti_info));
- for (i = 0; (i < RTAX_MAX) && (cp < cplim); i++) {
+ for (i = 0; i < RTAX_MAX; i++) {
 if ((rtinfo->rti_addrs & (1 << i)) == 0)
 continue;
+ /*
+ * It won't fit. Pretend it doesn't exist.
+ * Would return EINVAL if not void
+ */
+ if ( (cp + sa->sa_len) > cplim )
+ return;
+ /*
+ * there are no more.. quit now
+ * If there are more bits, they are in error.
+ * I've seen this. route(1) can evidently generate these.
+ * This causes kernel to core dump.
+ */
+ if (sa->sa_len == 0)
+ return;
 rtinfo->rti_info[i] = sa = (struct sockaddr *)cp;
 ADVANCE(cp, sa);
 } |
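Review bot: In the last hunk both new checks read `sa->sa_len` before `sa` has been pointed at the current `cp`; the assignment `rtinfo->rti_info[i] = sa = (struct sockaddr *)cp;` only runs after them. The declaration of `sa` is outside the hunk, but as shown it looks unset on the first selected bit, and on later bits it still refers to the previous sockaddr, so the bounds test measures the wrong length. Removing `cp < cplim` from the loop condition also leaves nothing to confirm that the length byte itself lies inside the message before it is read. I would place `if (cp >= cplim) return;` and `sa = (struct sockaddr *)cp;` ahead of the two checks and reduce the final assignment to `rtinfo->rti_info[i] = sa;`.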