tech-net: Re: racoon broken in -current: grab

Subject: Re: racoon broken in -current: grab_myaddrs and SIOCGIFCONF
To: None <tech-net@NetBSD.org>
From: David Young <dyoung@pobox.com>
List: tech-net
Date: 09/01/2007 21:13:10

On Fri, Aug 31, 2007 at 10:39:54AM -0400, Greg Troxel wrote:
> 		TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
> 			struct sockaddr *sa = ifa->ifa_addr;
> 			/* all sockaddrs must fit in sockaddr_storage */
> 			KASSERT(sa->sa_len <= sizeof(ifr.ifr_ifru));
> 
> 			if (ifrp != NULL)
> 			{
> 				ifr.ifr_addr = *sa;

That will truncate the sockaddr you copy out, if sa->sa_len > sizeof(*sa).
Maybe use sockaddr_copy(&ifr.ifr_addr, sizeof(ifr.ifr_ifru), sa)?

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933 ext 24