diff options
| author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2001-07-21 12:22:58 +0000 |
|---|---|---|
| committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2001-07-21 12:22:58 +0000 |
| commit | 712a50a4879ec9c0e6f8b5de2a1b4ecf1dd8cb69 (patch) | |
| tree | 6411f6a781e18d908b631ee5993657663128bdc2 | |
| parent | 7da93e63dc124bc47004a514f6caae8c1d71ee95 (diff) | |
repair validation on RTAX_GENMASK insertion. has been broken since 44bsd.
(freebsd3 has a fix since 1999, but has insufficient validation on sa_len)
| -rw-r--r-- | sys/net/rtsock.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index b9c7b56eb81..7bc622e21d9 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtsock.c,v 1.15 2001/06/04 23:21:10 itojun Exp $ */ +/* $OpenBSD: rtsock.c,v 1.16 2001/07/21 12:22:57 itojun Exp $ */ /* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */ /* @@ -234,7 +234,9 @@ route_output(m, va_alist) if (genmask) { struct radix_node *t; t = rn_addmask((caddr_t)genmask, 0, 1); - if (t && Bcmp(genmask, t->rn_key, *(u_char *)genmask) == 0) + if (t && genmask->sa_len >= ((struct sockaddr *)t->rn_key)->sa_len && + Bcmp((caddr_t *)genmask + 1, (caddr_t *)t->rn_key + 1, + ((struct sockaddr *)t->rn_key)->sa_len) - 1) genmask = (struct sockaddr *)(t->rn_key); else senderr(ENOBUFS); |