PR/44054: Onno van der Linden: Stacksmashing in handling of ioctl OOSIO*

parameter.
2010-11-06 17:17:13 +00:00 · 2010-11-06 17:17:13 +00:00 · 4b64d01d9d
parent 6980fa77a5
commit 4b64d01d9d
1 changed files with 22 additions and 8 deletions
--- a/sys/net/if.c
+++ b/sys/net/if.c
@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.246 2010/11/02 22:34:21 christos Exp $	*/
+/*	$NetBSD: if.c,v 1.247 2010/11/06 17:17:13 christos Exp $	*/
 /*-
 * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@ -90,7 +90,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.246 2010/11/02 22:34:21 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.247 2010/11/06 17:17:13 christos Exp $");
 #include "opt_inet.h"
@ -1916,19 +1916,33 @@ ifconf(u_long cmd, void *data)
 }
 int
-ifreq_setaddr(const u_long cmd, struct ifreq *ifr, const struct sockaddr *sa)
+ifreq_setaddr(u_long cmd, struct ifreq *ifr, const struct sockaddr *sa)
 {
 	uint8_t len;
-	u_long ncmd;
+#ifdef COMPAT_OIFREQ
-
+	struct ifreq ifrb;
-	if ((ncmd = compat_cvtcmd(cmd)) != cmd)
+	struct oifreq *oifr = NULL;
-		len = sizeof(ifr->ifr_addr);
+	u_long ocmd = cmd;
-	else
+	cmd = compat_cvtcmd(cmd);
 	if (cmd != ocmd) {
 		oifr = (struct oifreq *)(void *)ifr;
 		ifr = &ifrb;
 		ifreqo2n(oifr, ifr);
 		len = sizeof(oifr->ifr_addr);
 	} else
 #endif
 		len = sizeof(ifr->ifr_ifru.ifru_space);
 	if (len < sa->sa_len)
 		return EFBIG;
 	memset(&ifr->ifr_addr, 0, len);
 	sockaddr_copy(&ifr->ifr_addr, len, sa);
 #ifdef COMPAT_OIFREQ
 	if (cmd != ocmd)
 		ifreqn2o(oifr, ifr);
 #endif
 	return 0;
 }