PR/44054: Onno van der Linden: Stacksmashing in handling of ioctl OOSIO*

parameter.
2010-11-06 17:17:13 +00:00 · 2010-11-06 17:17:13 +00:00 · 4b64d01d9d
parent 6980fa77a5
commit 4b64d01d9d
1 changed files with 22 additions and 8 deletions
--- a/sys/net/if.c
+++ b/sys/net/if.c
@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.246 2010/11/02 22:34:21 christos Exp $	*/
+/*	$NetBSD: if.c,v 1.247 2010/11/06 17:17:13 christos Exp $	*/

 /*-
 * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@ -90,7 +90,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.246 2010/11/02 22:34:21 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.247 2010/11/06 17:17:13 christos Exp $");

 #include "opt_inet.h"

@ -1916,19 +1916,33 @@ ifconf(u_long cmd, void *data)
 }

 int
-ifreq_setaddr(const u_long cmd, struct ifreq *ifr, const struct sockaddr *sa)
+ifreq_setaddr(u_long cmd, struct ifreq *ifr, const struct sockaddr *sa)
 {
 	uint8_t len;
-	u_long ncmd;
-
-	if ((ncmd = compat_cvtcmd(cmd)) != cmd)
-		len = sizeof(ifr->ifr_addr);
-	else
+#ifdef COMPAT_OIFREQ
+	struct ifreq ifrb;
+	struct oifreq *oifr = NULL;
+	u_long ocmd = cmd;
+	cmd = compat_cvtcmd(cmd);
+	if (cmd != ocmd) {
+		oifr = (struct oifreq *)(void *)ifr;
+		ifr = &ifrb;
+		ifreqo2n(oifr, ifr);
+		len = sizeof(oifr->ifr_addr);
+	} else
+#endif
 		len = sizeof(ifr->ifr_ifru.ifru_space);
+
 	if (len < sa->sa_len)
 		return EFBIG;
+
 	memset(&ifr->ifr_addr, 0, len);
 	sockaddr_copy(&ifr->ifr_addr, len, sa);
+
+#ifdef COMPAT_OIFREQ
+	if (cmd != ocmd)
+		ifreqn2o(oifr, ifr);
+#endif
 	return 0;
 }