From 712a50a4879ec9c0e6f8b5de2a1b4ecf1dd8cb69 Mon Sep 17 00:00:00 2001
From: Jun-ichiro itojun Hagino
Date: Sat, 21 Jul 2001 12:22:58 +0000
Subject: repair validation on RTAX_GENMASK insertion. has been broken since 44bsd. (freebsd3 has a fix since 1999, but has insufficient validation on sa_len)
---
sys/net/rtsock.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'sys/net/rtsock.c')
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index b9c7b56eb81..7bc622e21d9 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rtsock.c,v 1.15 2001/06/04 23:21:10 itojun Exp $ */
+/* $OpenBSD: rtsock.c,v 1.16 2001/07/21 12:22:57 itojun Exp $ */
 /* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */
 /*
@@ -234,7 +234,9 @@ route_output(m, va_alist)
 if (genmask) {
 struct radix_node *t;
 t = rn_addmask((caddr_t)genmask, 0, 1);
- if (t && Bcmp(genmask, t->rn_key, *(u_char *)genmask) == 0)
+ if (t && genmask->sa_len >= ((struct sockaddr *)t->rn_key)->sa_len &&
+ Bcmp((caddr_t *)genmask + 1, (caddr_t *)t->rn_key + 1,
+ ((struct sockaddr *)t->rn_key)->sa_len) - 1)
 genmask = (struct sockaddr *)(t->rn_key);
 else
 senderr(ENOBUFS);
--
cgit v1.2.3
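Review bot: The new `Bcmp` test in the second hunk does not compare what the commit message describes, so the genmask validation remains unreliable. If `caddr_t` is the usual `char *`, `(caddr_t *)genmask + 1` advances by the size of a pointer rather than one byte, and the trailing `- 1` sits outside the call, so the length passed is the full `sa_len` (which can read past the end of the key) and the value tested is `Bcmp(...) - 1`, which is non-zero both when the buffers match and for any mismatch result other than 1. I would write the condition as `Bcmp((caddr_t)genmask + 1, (caddr_t)t->rn_key + 1, ((struct sockaddr *)t->rn_key)->sa_len - 1) == 0`, keeping the `sa_len >=` guard and rejecting a key whose `sa_len` is 0 before subtracting. route_output's body starts and ends outside the hunk, so whether `genmask` was length-checked against the message buffer earlier cannot be confirmed from here.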