diff options
| author | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2016-08-02 16:17:55 +0000 |
|---|---|---|
| committer | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2016-08-02 16:17:55 +0000 |
| commit | 35ea6c3a13cd3965cd1c77e6389da71efc05e7b5 (patch) | |
| tree | d217789d5cdff536c3718d52a3b3b1bf69aa06a5 /usr.sbin/ndp | |
| parent | 741c4d4e09ef822840c4f89018ba0255cbb68fbc (diff) | |
Ensure that "lim" is initialized and reset at each loop run.
Avoids possible invalid memory accesses. ok florian@
Diffstat (limited to 'usr.sbin/ndp')
| -rw-r--r-- | usr.sbin/ndp/ndp.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.sbin/ndp/ndp.c b/usr.sbin/ndp/ndp.c index cef46bbd74f..0539fec9682 100644 --- a/usr.sbin/ndp/ndp.c +++ b/usr.sbin/ndp/ndp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ndp.c,v 1.74 2016/07/31 19:23:24 jca Exp $ */ +/* $OpenBSD: ndp.c,v 1.75 2016/08/02 16:17:54 jca Exp $ */ /* $KAME: ndp.c,v 1.101 2002/07/17 08:46:33 itojun Exp $ */ /* @@ -110,6 +110,7 @@ /* packing rule for routing socket */ #define ROUNDUP(a) \ ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) +/* XXX remove */ #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) static pid_t pid; @@ -579,6 +580,7 @@ dump(struct in6_addr *addr, int cflag) W_IF, W_IF, "Netif", "Expire", "S", "Flags"); again:; + lim = NULL; mib[0] = CTL_NET; mib[1] = PF_ROUTE; mib[2] = 0; @@ -602,7 +604,7 @@ again:; break; } - for (next = buf; next && next < lim; next += rtm->rtm_msglen) { + for (next = buf; next && lim && next < lim; next += rtm->rtm_msglen) { int isrouter = 0, prbs = 0; rtm = (struct rt_msghdr *)next; |