* foreachaddr.c (SLOP): New macro.

(foreach_localaddr): Use it as the amount of extra space we look for past the
ifreq structures actually filled in.  Add SLOP to the size of the buffer
allocated to hold the ifreq structures.  Place an upper bound on the buffer
size.  Don't crash if the returned ifc_len is larger than the supplied buffer
size.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14226 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 27 insertions, 4 deletions

diff --git a/src/include/ChangeLog b/src/include/ChangeLog
index 9e5d7a358..b76eee762 100644
--- a/src/include/ChangeLog
+++ b/src/include/ChangeLog
@@ -1,3 +1,12 @@
+2002-03-05  Ken Raeburn  <raeburn@mit.edu>
+
+	* foreachaddr.c (SLOP): New macro.
+	(foreach_localaddr): Use it as the amount of extra space we look
+	for past the ifreq structures actually filled in.  Add SLOP to the
+	size of the buffer allocated to hold the ifreq structures.  Place
+	an upper bound on the buffer size.  Don't crash if the returned
+	ifc_len is larger than the supplied buffer size.
+
 2002-02-22  Ken Raeburn  <raeburn@mit.edu>
 
 	* krb5.hin, k5-int.h: Use const instead of krb5_const.
diff --git a/src/include/foreachaddr.c b/src/include/foreachaddr.c
index 07a2a0e0a..3c3adad52 100644
--- a/src/include/foreachaddr.c
+++ b/src/include/foreachaddr.c
@@ -594,6 +594,8 @@ punt:
 
 #else /* not defined (SIOCGLIFNUM) */
 
+#define SLOP (sizeof (struct ifreq) + 128)
+
 static int
 foreach_localaddr (/*@null@*/ void *data,
 		   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
@@ -642,7 +644,7 @@ foreach_localaddr (/*@null@*/ void *data,
 	est_if_count = numifs;
 #endif
     if (current_buf_size == 0)
-	current_buf_size = est_ifreq_size * est_if_count;
+	current_buf_size = est_ifreq_size * est_if_count + SLOP;
     buf = malloc (current_buf_size);
     if (buf == NULL)
 	return errno;
@@ -663,17 +665,21 @@ foreach_localaddr (/*@null@*/ void *data,
        the only indication we get, complicated by the fact that the
        associated address may make the required storage a little
        bigger than the size of an ifreq.  */
-    if (current_buf_size - size < sizeof (struct ifreq) + 40
+    if (current_buf_size - size < SLOP
 #ifdef SIOCGSIZIFCONF
+	/* Unless we hear SIOCGSIZIFCONF is broken somewhere, let's
+	   trust the value it returns.  */
 	&& ifconfsize <= 0
 #elif defined (SIOCGIFNUM)
 	&& numifs <= 0
 #endif
+	/* And we need *some* sort of bounds.  */
+	&& current_buf_size <= 100000
 	) {
 	size_t new_size;
 
 	est_if_count *= 2;
-	new_size = est_ifreq_size * est_if_count;
+	new_size = est_ifreq_size * est_if_count + SLOP;
 	buf = grow_or_free (buf, new_size);
 	if (buf == 0)
 	    return errno;
@@ -682,7 +688,15 @@ foreach_localaddr (/*@null@*/ void *data,
     }
 
     n = size;
-
+    if (n > current_buf_size)
+	n = current_buf_size;
+
+    /* Note: Apparently some systems put the size (used or wanted?)
+       into the start of the buffer, just none that I'm actually
+       using.  Fix this when there's such a test system available.
+       The Samba mailing list archives mention that NTP looks for the
+       size on these systems: *-fujitsu-uxp* *-ncr-sysv4*
+       *-univel-sysv*.  */
     for (i = 0; i < n; i+= ifreq_size(*ifr) ) {
 	ifr = (struct ifreq *)((caddr_t) buf+i);