2-byte read overrun for unknown sockaddr. from openbsd

XXX out[64], is it safe? what if sa_len > 23?
2004-05-15 13:41:09 +00:00 · 2004-05-15 13:41:09 +00:00 · 7340ad20ce
parent fd08660c9a
commit 7340ad20ce
1 changed files with 3 additions and 3 deletions
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@ -1,4 +1,4 @@
-/*	$NetBSD: route.c,v 1.71 2004/01/05 23:23:33 jmmv Exp $	*/
+/*	$NetBSD: route.c,v 1.72 2004/05/15 13:41:09 itojun Exp $	*/

 /*
 * Copyright (c) 1983, 1989, 1991, 1993
@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1989, 1991, 1993\n\
 #if 0
 static char sccsid[] = "@(#)route.c	8.6 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: route.c,v 1.71 2004/01/05 23:23:33 jmmv Exp $");
+__RCSID("$NetBSD: route.c,v 1.72 2004/05/15 13:41:09 itojun Exp $");
 #endif
 #endif /* not lint */

@ -364,7 +364,7 @@ any_ntoa(sa)
 	char *out;
 	int len;

-	len = sa->sa_len;
+	len = sa->sa_len - offsetof(struct sockaddr, sa_data);
 	in  = sa->sa_data;
 	out = obuf;