diff options
author | Artur Grabowski <art@cvs.openbsd.org> | 1997-12-09 07:57:43 +0000 |
---|---|---|
committer | Artur Grabowski <art@cvs.openbsd.org> | 1997-12-09 07:57:43 +0000 |
commit | eded21a00a253859f474c1bcca5d418a3c82948f (patch) | |
tree | 94e38e1e18679c1a1a5af56a04c549d26eb42255 /kerberosIV/krb/getaddrs.c | |
parent | 49ac4cb4369b59297c067ed22daacd240c981029 (diff) |
Removed one expliotable hole, one possibly exploitable hole, many buffer
overflows and lots of unchecked pointers. Tags are nice too.
Diffstat (limited to 'kerberosIV/krb/getaddrs.c')
-rw-r--r-- | kerberosIV/krb/getaddrs.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/kerberosIV/krb/getaddrs.c b/kerberosIV/krb/getaddrs.c index d58e2f67af5..1e7d7d2e672 100644 --- a/kerberosIV/krb/getaddrs.c +++ b/kerberosIV/krb/getaddrs.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getaddrs.c,v 1.3 1997/12/09 07:57:18 art Exp $ */ /* $KTH: getaddrs.c,v 1.20 1997/11/09 06:13:32 assar Exp $ */ /* @@ -65,20 +66,25 @@ k_get_all_addrs (struct in_addr **l) struct ifconf ifconf; int num, j; char *p; + + if (l == NULL) + return -1; fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) - return -1; + return -1; ifconf.ifc_len = sizeof(buf); ifconf.ifc_buf = buf; - if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0) - return -1; + if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0){ + close (fd); + return -1; + } num = ifconf.ifc_len / sizeof(struct ifreq); *l = malloc(num * sizeof(struct in_addr)); if(*l == NULL) { - close (fd); - return -1; + close (fd); + return -1; } j = 0; @@ -92,12 +98,14 @@ k_get_all_addrs (struct in_addr **l) if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) { close (fd); free (*l); + *l = NULL; return -1; } if (ifr->ifr_flags & IFF_UP) { if(ioctl(fd, SIOCGIFADDR, ifr) < 0) { close (fd); free (*l); + *l = NULL; return -1; } (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr; @@ -107,7 +115,12 @@ k_get_all_addrs (struct in_addr **l) p = p + sz; } if (j != num) - *l = realloc (*l, j * sizeof(struct in_addr)); + if ((*l = realloc (*l, j * sizeof(struct in_addr))) == NULL) + { + close(fd); + return -1; + } + close (fd); return j; } |