Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.sbin/sysinst Fix some uninitialized memory access and a ...



details:   https://anonhg.NetBSD.org/src/rev/67b6f424c987
branches:  trunk
changeset: 461781:67b6f424c987
user:      martin <martin%NetBSD.org@localhost>
date:      Sun Jul 07 12:58:45 2019 +0000

description:
Fix some uninitialized memory access and a potential buffer overrun on
machines with multiple network interfaces.

diffstat:

 usr.sbin/sysinst/net.c |  34 +++++++++++++++++++++++-----------
 1 files changed, 23 insertions(+), 11 deletions(-)

diffs (82 lines):

diff -r a5857fb68b43 -r 67b6f424c987 usr.sbin/sysinst/net.c
--- a/usr.sbin/sysinst/net.c    Sun Jul 07 11:58:44 2019 +0000
+++ b/usr.sbin/sysinst/net.c    Sun Jul 07 12:58:45 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: net.c,v 1.30 2019/06/22 20:46:07 christos Exp $        */
+/*     $NetBSD: net.c,v 1.31 2019/07/07 12:58:45 martin Exp $  */
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -241,8 +241,8 @@
        }
 
        buf = malloc (STRSIZE * sizeof(char));
-       for (i = 0, buf_tmp = buf_in; strlen(buf_tmp) > 0 && buf_tmp < buf_in +
-            strlen(buf_in);) {
+       for (i = 0, buf_tmp = buf_in; i < MAX_NETS && strlen(buf_tmp) > 0
+           && buf_tmp < buf_in + strlen(buf_in);) {
                tmp = stpncpy(buf, buf_tmp, strcspn(buf_tmp," \n"));
                *tmp='\0';
                buf_tmp += (strcspn(buf_tmp, " \n") + 1) * sizeof(char);
@@ -485,7 +485,7 @@
        char buffer[STRSIZE];
        struct statvfs sb;
        struct net_desc net_devs[MAX_NETS];
-       menu_ent net_menu[5];
+       menu_ent *net_menu;
        int menu_no;
        int num_devs;
        int selected_net;
@@ -505,7 +505,13 @@
        if (num_devs < 1) {
                /* No network interfaces found! */
                hit_enter_to_continue(NULL, MSG_nonet);
-               return (-1);
+               return -1;
+       }
+
+       net_menu = calloc(num_devs, sizeof(*net_menu));
+       if (net_menu == NULL) {
+               err_msg_win(err_outofmem);
+               return -1;
        }
 
        for (i = 0; i < num_devs; i++) {
@@ -513,18 +519,21 @@
                net_menu[i].opt_flags = OPT_EXIT;
                net_menu[i].opt_action = set_menu_select;
        }
-again:
-       selected_net = -1;
+
        menu_no = new_menu(MSG_netdevs,
                net_menu, num_devs, -1, 4, 0, 0,
                MC_SCROLL,
                NULL, NULL, NULL, NULL, NULL);
+again:
+       selected_net = -1;
        msg_display(MSG_asknetdev);
        process_menu(menu_no, &selected_net);
-       free_menu(menu_no);
-       
-       if (selected_net == -1)
-           return 0;
+
+       if (selected_net == -1) {
+               free_menu(menu_no);
+               free(net_menu);
+               return 0;
+       }
 
        network_up = 1;
        dhcp_config = 0;
@@ -751,6 +760,9 @@
        if (!ask_yesno(MSG_netok_ok))
                goto again;
 
+       free_menu(menu_no);
+       free(net_menu);
+
        run_program(0, "/sbin/ifconfig lo0 127.0.0.1");
 
        /* dhcpcd will have configured it all for us */



Home | Main Index | Thread Index | Old Index