diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2004-10-06 23:39:12 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2004-10-06 23:39:12 +0000 |
| commit | 2104847a26d384bb50d474a108c3997c453d5a3d (patch) | |
| tree | f807455462beaeccf3420ef6c997f2099d1f4a28 /src | |
| parent | 7da93712765db1b1992ebf87b4abdb766260e747 (diff) | |
| download | krb5-2104847a26d384bb50d474a108c3997c453d5a3d.tar.gz krb5-2104847a26d384bb50d474a108c3997c453d5a3d.tar.xz krb5-2104847a26d384bb50d474a108c3997c453d5a3d.zip | |
* localaddr.c (foreach_localaddr): Be more careful not to walk past the end of
the ifreq array.
(get_ifreq_array): Return 0 in success case, not errno.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16808 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/os/ChangeLog | 4 | ||||
| -rw-r--r-- | src/lib/krb5/os/localaddr.c | 15 |
2 files changed, 13 insertions, 6 deletions
diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index a560ac959..1258c9151 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,5 +1,9 @@ 2004-10-06 Ken Raeburn <raeburn@mit.edu> + * localaddr.c (foreach_localaddr): Be more careful not to walk + past the end of the ifreq array. + (get_ifreq_array): Return 0 in success case, not errno. + * localaddr.c (get_ifreq_array): Split out from foreach_localaddr general version. (foreach_localaddr): Call it. diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c index 389a7781e..91324660b 100644 --- a/src/lib/krb5/os/localaddr.c +++ b/src/lib/krb5/os/localaddr.c @@ -568,7 +568,7 @@ foreach_localaddr (/*@null@*/ void *data, goto punt; } - for (i = 0; i < P.buf_size; i+= sizeof (*lifr)) { + for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) { lifr = (struct lifreq *)((caddr_t) P.buf+i); strncpy(lifreq.lifr_name, lifr->lifr_name, @@ -637,7 +637,7 @@ have_working_socket: if (pass2fn) FOREACH_AF () if (P.sock >= 0) { - for (i = 0; i < P.buf_size; i+= sizeof (*lifr)) { + for (i = 0; i + sizeof (*lifr) <= P.buf_size; i+= sizeof (*lifr)) { lifr = (struct lifreq *)((caddr_t) P.buf+i); if (lifr->lifr_name[0] == '\0') @@ -740,7 +740,7 @@ foreach_localaddr (/*@null@*/ void *data, goto punt; } - for (i = 0; i < P.buf_size; i+= sizeof (*lifr)) { + for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) { lifr = (struct if_laddrreq *)((caddr_t) P.buf+i); strncpy(lifreq.iflr_name, lifr->iflr_name, @@ -809,7 +809,7 @@ have_working_socket: if (pass2fn) FOREACH_AF () if (P.sock >= 0) { - for (i = 0; i < P.buf_size; i+= sizeof (*lifr)) { + for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) { lifr = (struct if_laddrreq *)((caddr_t) P.buf+i); if (lifr->iflr_name[0] == '\0') @@ -914,7 +914,7 @@ ask_again: *bufp = buf; *np = n; - return errno; + return 0; } int @@ -955,8 +955,11 @@ foreach_localaddr (/*@null@*/ void *data, The Samba mailing list archives mention that NTP looks for the size on these systems: *-fujitsu-uxp* *-ncr-sysv4* *-univel-sysv*. */ - for (i = 0; i < n; i+= ifreq_size(*ifr) ) { + for (i = 0; i + sizeof(struct ifreq) < n; i+= ifreq_size(*ifr) ) { ifr = (struct ifreq *)((caddr_t) buf+i); + /* In case ifreq_size is more than sizeof(). */ + if (i + ifreq_size(*ifr) >= n) + break; strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name)); Tprintf (("interface %s\n", ifreq.ifr_name)); |