This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH] Avoid array overrun in getifaddrs
- From: Andreas Schwab <schwab at suse dot de>
- To: libc-alpha at sourceware dot org
- Date: Thu, 05 Jun 2014 17:48:34 +0200
- Subject: [PATCH] Avoid array overrun in getifaddrs
- Authentication-results: sourceware.org; auth=none
[BZ #15698]
* sysdeps/unix/sysv/linux/ifaddrs.c (getifaddrs_internal): Avoid
writing beyond end of netmask. Remove redundant check for
positive max_prefixlen. Store netmask via unsigned char.
---
sysdeps/unix/sysv/linux/ifaddrs.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/sysdeps/unix/sysv/linux/ifaddrs.c b/sysdeps/unix/sysv/linux/ifaddrs.c
index d83e8f8..7022888 100644
--- a/sysdeps/unix/sysv/linux/ifaddrs.c
+++ b/sysdeps/unix/sysv/linux/ifaddrs.c
@@ -748,7 +748,7 @@ getifaddrs_internal (struct ifaddrs **ifap)
&& ifas[ifa_index].ifa.ifa_addr->sa_family != AF_PACKET)
{
uint32_t max_prefixlen = 0;
- char *cp = NULL;
+ unsigned char *cp = NULL;
ifas[ifa_index].ifa.ifa_netmask
= &ifas[ifa_index].netmask.sa;
@@ -756,12 +756,12 @@ getifaddrs_internal (struct ifaddrs **ifap)
switch (ifas[ifa_index].ifa.ifa_addr->sa_family)
{
case AF_INET:
- cp = (char *) &ifas[ifa_index].netmask.s4.sin_addr;
+ cp = (unsigned char *) &ifas[ifa_index].netmask.s4.sin_addr;
max_prefixlen = 32;
break;
case AF_INET6:
- cp = (char *) &ifas[ifa_index].netmask.s6.sin6_addr;
+ cp = (unsigned char *) &ifas[ifa_index].netmask.s6.sin6_addr;
max_prefixlen = 128;
break;
}
@@ -771,11 +771,10 @@ getifaddrs_internal (struct ifaddrs **ifap)
if (cp != NULL)
{
- char c;
+ unsigned char c;
unsigned int preflen;
- if ((max_prefixlen > 0) &&
- (ifam->ifa_prefixlen > max_prefixlen))
+ if (ifam->ifa_prefixlen > max_prefixlen)
preflen = max_prefixlen;
else
preflen = ifam->ifa_prefixlen;
@@ -784,7 +783,8 @@ getifaddrs_internal (struct ifaddrs **ifap)
*cp++ = 0xff;
c = 0xff;
c <<= (8 - (preflen % 8));
- *cp = c;
+ if (c != 0)
+ *cp = c;
}
}
}
--
2.0.0
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."