NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/44054: Stacksmashing in handling of ioctl OOSIO* parameter
On Nov 6, 11:25am, o.vd.linden%quicknet.nl@localhost
(o.vd.linden%quicknet.nl@localhost) wrote:
-- Subject: kern/44054: Stacksmashing in handling of ioctl OOSIO* parameter
Fixed in the kernel, and here's the corrected test code for reference.
christos
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <err.h>
struct oifreq {
char ifr_name[IFNAMSIZ]; /* if name, e.g. "en0" */
union {
struct sockaddr ifru_addr;
struct sockaddr ifru_dstaddr;
struct sockaddr ifru_broadaddr;
short ifru_flags;
int ifru_metric;
int ifru_mtu;
int ifru_dlt;
u_int ifru_value;
void * ifru_data;
struct {
uint32_t b_buflen;
void *b_buf;
} ifru_b;
} ifr_ifru;
};
#define OOSIOCGIFBRDADDR _IOWR('i', 18, struct oifreq)
int
main(void)
{
int fd;
struct oifreq ifreq;
struct sockaddr_in *sin;
memset(&ifreq, '\0', sizeof ifreq);
strcpy(ifreq.ifr_name, "sk0");
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd == -1)
err(1, "socket");
sin = (struct sockaddr_in *)&ifreq.ifr_broadaddr;
sin->sin_family = AF_INET;
sin->sin_len = sizeof(*sin);
if (ioctl(fd, OOSIOCGIFBRDADDR, &ifreq) == -1)
err(1, "OOSIOCGIFBRDADDR");
printf("broadcast: %s\n", inet_ntoa(sin->sin_addr));
close(fd);
return 0;
}
Home |
Main Index |
Thread Index |
Old Index