pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/net/nmap Correct handling of the length of data return...
details: https://anonhg.NetBSD.org/pkgsrc/rev/651f89e7d985
branches: trunk
changeset: 556705:651f89e7d985
user: apb <apb%pkgsrc.org@localhost>
date: Wed Apr 01 07:56:18 2009 +0000
description:
Correct handling of the length of data returned by SIOCGIFCONF. The
actual length of each item is never less than sizeof(struct ifreq), but
may be more than that. If the platform's struct sockaddr has an sa_len
field, and if the length in sa_len is larger than the space available in
ifr_ifru, then the data extends beyond the end of the ifr_ifru field by
the difference in sizes.
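The length rule described above, worked through as an added example (this is not nmap's code and not part of the commit): a stand-in struct with the BSD layout the message assumes (a name array followed by a union whose first member is a sockaddr carrying sa_len), the per-entry length computation, and a buffer walk that also bounds each computed length by the bytes the kernel actually returned in ifc_len, which the raw rule on its own does not do. The struct names, sizes and the sample buffer are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a BSD-style struct ifreq (assumption, not the
 * system header): a 16-byte name followed by a 16-byte union whose first
 * member is a sockaddr that carries its own total length in sa_len. */
#define MY_IFNAMSIZ 16

struct my_sockaddr {
    uint8_t sa_len;        /* total length of this sockaddr, header included */
    uint8_t sa_family;
    char    sa_data[14];
};

struct my_ifreq {
    char ifr_name[MY_IFNAMSIZ];
    union {
        struct my_sockaddr ifru_addr;
        char               ifru_pad[16];
    } ifr_ifru;
};

/* The rule from the commit message: an entry is never shorter than
 * sizeof(struct ifreq); when sa_len exceeds the union, the sockaddr spills
 * past the end of ifr_ifru by exactly the difference. */
size_t ifreq_entry_len(const struct my_ifreq *ifr)
{
    size_t len = sizeof(struct my_ifreq);
    size_t sa_len = ifr->ifr_ifru.ifru_addr.sa_len;
    if (sa_len > sizeof(ifr->ifr_ifru))
        len += sa_len - sizeof(ifr->ifr_ifru);
    return len;
}

/* Walk an ifc_buf of ifc_len bytes, copying each interface name into names[].
 * Returns the entry count, or -1 if an entry's computed length would run
 * past ifc_len (the check that keeps a bad sa_len from walking off the buffer). */
int walk_ifconf(const char *buf, size_t ifc_len,
                char names[][MY_IFNAMSIZ], int max_names)
{
    size_t off = 0;
    int n = 0;
    while (off < ifc_len) {
        struct my_ifreq ifr;
        if (ifc_len - off < sizeof ifr)
            return -1;                          /* truncated fixed part */
        memcpy(&ifr, buf + off, sizeof ifr);    /* entries may be misaligned */
        size_t len = ifreq_entry_len(&ifr);
        if (len > ifc_len - off)
            return -1;                          /* sa_len claims more than ifc_len holds */
        if (n < max_names) {
            memcpy(names[n], ifr.ifr_name, MY_IFNAMSIZ);
            names[n][MY_IFNAMSIZ - 1] = '\0';
        }
        n++;
        off += len;
    }
    return n;
}

/* Constructed sample buffer: "lo0" whose sockaddr fits the union (sa_len 16,
 * entry is 32 bytes) and "wm0" whose sa_len of 28 spills 12 bytes past it
 * (entry is 44 bytes). Returns the number of bytes written, 76 here. */
size_t build_sample_buffer(char *buf, size_t cap)
{
    static const char   *ifnames[] = { "lo0", "wm0" };
    static const uint8_t sa_lens[] = { 16, 28 };
    size_t off = 0;
    for (int i = 0; i < 2; i++) {
        struct my_ifreq ifr;
        memset(&ifr, 0, sizeof ifr);
        strncpy(ifr.ifr_name, ifnames[i], MY_IFNAMSIZ - 1);
        ifr.ifr_ifru.ifru_addr.sa_len = sa_lens[i];
        size_t len = ifreq_entry_len(&ifr);
        if (off + len > cap)
            return 0;
        memset(buf + off, 0, len);              /* spilled sockaddr bytes zero-filled */
        memcpy(buf + off, &ifr, sizeof ifr);
        off += len;
    }
    return off;
}

int main(void)
{
    char buf[128];
    char names[4][MY_IFNAMSIZ];
    size_t ifc_len = build_sample_buffer(buf, sizeof buf);
    int n = walk_ifconf(buf, ifc_len, names, 4);
    printf("ifc_len=%zu entries=%d\n", ifc_len, n);
    for (int i = 0; i < n; i++)
        printf("  %s\n", names[i]);
    printf("truncated walk (60 bytes) -> %d\n", walk_ifconf(buf, 60, names, 4));
    return 0;
}
```

The walk stops with -1 rather than trusting sa_len blindly: with the 76-byte sample cut to 60 bytes, the second entry's fixed part no longer fits, so the walk refuses it instead of reading past the buffer.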
diffstat:
net/nmap/distinfo | 3 +-
net/nmap/patches/patch-ad | 61 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+), 1 deletions(-)
diffs (79 lines):
diff -r 67812cc50e87 -r 651f89e7d985 net/nmap/distinfo
--- a/net/nmap/distinfo Tue Mar 31 17:46:43 2009 +0000
+++ b/net/nmap/distinfo Wed Apr 01 07:56:18 2009 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.38 2009/01/04 15:16:11 adrianp Exp $
+$NetBSD: distinfo,v 1.39 2009/04/01 07:56:18 apb Exp $
SHA1 (nmap-4.76.tar.bz2) = a71141738b4512b6d5b35ef94258e525df30a586
RMD160 (nmap-4.76.tar.bz2) = ec93522e05e7233e8950b28ab12b45355e63c0c7
Size (nmap-4.76.tar.bz2) = 6061317 bytes
SHA1 (patch-aa) = b47bb158aa9504e7bc0f3092e3370d49a82ec608
SHA1 (patch-ab) = bef6a0bc8481702319d14d3427169562f13e1526
+SHA1 (patch-ad) = 767ace3bb0c94db80ce3352692358b63463f4e30
SHA1 (patch-aj) = 5e306f51f5e0a07eb05d498547f95b526ffbdfc7
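Review bot: the added `SHA1 (patch-ad)` line is the only distinfo change, and the diffstat above lists no change to net/nmap/Makefile; since patch-ad changes how the built nmap enumerates interfaces, the usual pkgsrc practice is to bump PKGREVISION in the same commit so that users who already have nmap-4.76 installed pick up the corrected build.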
diff -r 67812cc50e87 -r 651f89e7d985 net/nmap/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/nmap/patches/patch-ad Wed Apr 01 07:56:18 2009 +0000
@@ -0,0 +1,61 @@
+$NetBSD: patch-ad,v 1.13 2009/04/01 07:56:19 apb Exp $
+
+Correct handling of the length of data returned by SIOCGIFCONF. The
+actual length of each item is never less than sizeof(struct ifreq), but
+may be more than that. If the platform's struct sockaddr has an sa_len
+field, and if the length in sa_len is larger then the space available in
+ifr_ifru, then the data extends beyond the end of the ifr_ifru field by
+the difference in sizes.
+
+The previous code of the form
+
+ len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
+
+had two problems:
+
+1) It assumes that ifr_name and ifr_ifru are the only members
+ of struct ifreq, so that sizeof(ifr->ifr_name) is equivalent to
+ sizeof(struct ifr) - sizeof(ifr->ifr_ifreq). This assumption may
+ be incorrect on some thypothetical systems,
+ and it's just as efficient to use code that
+ avoids making the assumption.
+
+2) It assumes that ifr->ifr_addr.sa_len will never be smaller than
+ sizeof(ifr->ifr_ifru). This assumption is incorrect on some
+ systems, at least on NetBSD.
+
+--- tcpip.cc.orig 2008-09-04 14:41:59.000000000 +0000
++++ tcpip.cc
+@@ -2890,12 +2890,10 @@ int sd;
+ ifr = (struct ifreq *) buf;
+ if (ifc.ifc_len == 0)
+ fatal("%s: SIOCGIFCONF claims you have no network interfaces!\n", __func__);
+-#if HAVE_SOCKADDR_SA_LEN
+- /* len = MAX(sizeof(struct sockaddr), ifr->ifr_addr.sa_len);*/
+- len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
+-#else
+ len = sizeof(struct ifreq);
+- /* len = sizeof(SA); */
++#if HAVE_SOCKADDR_SA_LEN
++ if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_ifru))
++ len += (ifr->ifr_addr.sa_len - sizeof(ifr->ifr_ifru));
+ #endif
+
+ /* Debugging code
+@@ -2914,10 +2912,13 @@ int sd;
+ printf("ifr = %X\n",(unsigned)(*(char **)&ifr));
+ */
+
+- /* On some platforms (such as FreeBSD), the length of each ifr changes
+- based on the sockaddr type used, so we get the next length now */
++ /* On platforms where struct sockaddr has an sa_len member, if
++ ifr_ddr.sa_len is larger then sizeof ifr_ifru, then the actual
++ data extends beyond the end of ifr_ifru. */
++ len = sizeof(struct ifreq);
+ #if HAVE_SOCKADDR_SA_LEN
+- len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
++ if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_ifru))
++ len += (ifr->ifr_addr.sa_len - sizeof(ifr->ifr_ifru));
+ #endif
+
+ /* skip any device with no name */
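Review bot: the three-line length computation `len = sizeof(struct ifreq);` / `if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_ifru))` / `len += (ifr->ifr_addr.sa_len - sizeof(ifr->ifr_ifru));` is now duplicated verbatim in both hunks (once before the loop, once at the end of the iteration); a small static helper taking the `struct ifreq *` would keep the two copies from drifting apart. Neither site bounds the computed `len` against the bytes remaining in `ifc.ifc_len`, so the only guard in the hunk is the existing `ifc.ifc_len == 0` check; a `fatal()` when `len` exceeds what remains in `buf` would stop an oversized `sa_len` from carrying `ifr` past the end of the buffer. Minor: the new comment says `ifr_ddr.sa_len` where `ifr_addr.sa_len` is meant and `larger then` for `larger than`; the patch header text has the same `then` and `thypothetical`.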