diff options
| author | Claudio Jeker <claudio@cvs.openbsd.org> | 2005-05-13 08:34:34 +0000 |
|---|---|---|
| committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2005-05-13 08:34:34 +0000 |
| commit | 0f4971db011f2c2cac1d25f2c03b9adf30b0e583 (patch) | |
| tree | fb469059354a0f6018e84cfeb11378d10e8a1de8 | |
| parent | 652c6562a6ba93d3bf2c24df96181cf5cefcab03 (diff) | |
The NET_RT_IFLIST sysctl returns RTM_IFINFO and RTM_NEWADDR messages in
the buffer. While RTM_IFINFO starts with a struct if_msghdr RTM_NEWADDR
does not. In other words (struct sockaddr *)(next + sizeof(ifm)) is only
correct for RTM_IFINFO and not for RTM_NEWADDR. So move the ifm_type check
up else get_rtaddrs() would access memory outside of buf.
OK henning@
| -rw-r--r-- | usr.sbin/bgpd/kroute.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr.sbin/bgpd/kroute.c b/usr.sbin/bgpd/kroute.c index 9d29078bcdc..0037414f2ac 100644 --- a/usr.sbin/bgpd/kroute.c +++ b/usr.sbin/bgpd/kroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kroute.c,v 1.125 2005/04/28 13:54:45 claudio Exp $ */ +/* $OpenBSD: kroute.c,v 1.126 2005/05/13 08:34:33 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -1378,12 +1378,12 @@ fetchifs(int ifindex) lim = buf + len; for (next = buf; next < lim; next += ifm.ifm_msglen) { memcpy(&ifm, next, sizeof(ifm)); - sa = (struct sockaddr *)(next + sizeof(ifm)); - get_rtaddrs(ifm.ifm_addrs, sa, rti_info); - if (ifm.ifm_type != RTM_IFINFO) continue; + sa = (struct sockaddr *)(next + sizeof(ifm)); + get_rtaddrs(ifm.ifm_addrs, sa, rti_info); + if ((kif = calloc(1, sizeof(struct kif_node))) == NULL) { log_warn("fetchifs"); free(buf); |