From patchwork Thu Jun 5 15:48:34 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Schwab X-Patchwork-Id: 356516 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id DF84714008F for ; Fri, 6 Jun 2014 01:49:05 +1000 (EST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:mime-version :content-type; q=dns; s=default; b=s8WBYzBmIgIiPMvadtUVk+CGQZmqp nGj3YZpig6axH+LYz/7xMmT2XZBbx1mnfcoSF+fFW/gLPdAMG6cV8j3VdBRutjpn nbqEGjTDvsaNsRO8XDt8en3l+vNiWxQ/2THTVxk7al2L5HpYZxRw4GBfp1mIalfF JZK0iUHgM4nGJI= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:mime-version :content-type; s=default; bh=nhIW1ys87bvwwZEITEEVYnBboyE=; b=mHk ygyJkgOE7noJ6lTCFZZmTNdOPsqI1lu9Jw3B2Qy+DL95kU2GokdJfH4rg15Z8rn+ gWPSZGr0BqR0PAopMiOsV1HQ4ZpsgKUbY3SDDt+nBLAw97iYzm3Orksf7vh4RUB6 9OfuOGfgEXvgxrozBkXGgUTOJvEVCENIKcelBP4c= Received: (qmail 31224 invoked by alias); 5 Jun 2014 15:48:39 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 31098 invoked by uid 89); 5 Jun 2014 15:48:38 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.2 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: mx2.suse.de From: Andreas Schwab To: libc-alpha@sourceware.org Subject: [PATCH] Avoid array overrun in getifaddrs X-Yow: I'm using my X-RAY VISION to obtain a rare glimpse of the INNER WORKINGS of this POTATO!! Date: Thu, 05 Jun 2014 17:48:34 +0200 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 [BZ #15698] * sysdeps/unix/sysv/linux/ifaddrs.c (getifaddrs_internal): Avoid writing beyond end of netmask. Remove redundant check for positive max_prefixlen. Store netmask via unsigned char. --- sysdeps/unix/sysv/linux/ifaddrs.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sysdeps/unix/sysv/linux/ifaddrs.c b/sysdeps/unix/sysv/linux/ifaddrs.c index d83e8f8..7022888 100644 --- a/sysdeps/unix/sysv/linux/ifaddrs.c +++ b/sysdeps/unix/sysv/linux/ifaddrs.c @@ -748,7 +748,7 @@ getifaddrs_internal (struct ifaddrs **ifap) && ifas[ifa_index].ifa.ifa_addr->sa_family != AF_PACKET) { uint32_t max_prefixlen = 0; - char *cp = NULL; + unsigned char *cp = NULL; ifas[ifa_index].ifa.ifa_netmask = &ifas[ifa_index].netmask.sa; @@ -756,12 +756,12 @@ getifaddrs_internal (struct ifaddrs **ifap) switch (ifas[ifa_index].ifa.ifa_addr->sa_family) { case AF_INET: - cp = (char *) &ifas[ifa_index].netmask.s4.sin_addr; + cp = (unsigned char *) &ifas[ifa_index].netmask.s4.sin_addr; max_prefixlen = 32; break; case AF_INET6: - cp = (char *) &ifas[ifa_index].netmask.s6.sin6_addr; + cp = (unsigned char *) &ifas[ifa_index].netmask.s6.sin6_addr; max_prefixlen = 128; break; } @@ -771,11 +771,10 @@ getifaddrs_internal (struct ifaddrs **ifap) if (cp != NULL) { - char c; + unsigned char c; unsigned int preflen; - if ((max_prefixlen > 0) && - (ifam->ifa_prefixlen > max_prefixlen)) + if (ifam->ifa_prefixlen > max_prefixlen) preflen = max_prefixlen; else preflen = ifam->ifa_prefixlen; @@ -784,7 +783,8 @@ getifaddrs_internal (struct ifaddrs **ifap) *cp++ = 0xff; c = 0xff; c <<= (8 - (preflen % 8)); - *cp = c; + if (c != 0) + *cp = c; } } }