NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/44054: Stacksmashing in handling of ioctl OOSIO* parameter



The following reply was made to PR kern/44054; it has been noted by GNATS.

From: christos%zoulas.com@localhost (Christos Zoulas)
To: gnats-bugs%NetBSD.org@localhost, kern-bug-people%netbsd.org@localhost, 
        gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/44054: Stacksmashing in handling of ioctl OOSIO* parameter
Date: Sat, 6 Nov 2010 13:22:27 -0400

 On Nov 6, 11:25am, o.vd.linden%quicknet.nl@localhost 
(o.vd.linden%quicknet.nl@localhost) wrote:
 -- Subject: kern/44054: Stacksmashing in handling of ioctl OOSIO* parameter
 
 Fixed in the kernel, and here's the corrected test code for reference.
 
 christos
 
 #include <sys/socket.h>
 #include <sys/ioctl.h>
 #include <net/if.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <err.h>
 
 struct oifreq {
         char    ifr_name[IFNAMSIZ];             /* if name, e.g. "en0" */
         union {
                 struct  sockaddr ifru_addr;
                 struct  sockaddr ifru_dstaddr;
                 struct  sockaddr ifru_broadaddr;
                 short   ifru_flags;  
                 int     ifru_metric;
                 int     ifru_mtu; 
                 int     ifru_dlt;
                 u_int   ifru_value;
                 void *  ifru_data;
                 struct {
                         uint32_t        b_buflen;
                         void            *b_buf;
                 } ifru_b;
         } ifr_ifru;
 };      
 
 
 #define OOSIOCGIFBRDADDR _IOWR('i', 18, struct oifreq)
 
 int
 main(void)
 {
         int     fd;
         struct oifreq   ifreq;
         struct sockaddr_in      *sin;
 
         memset(&ifreq, '\0', sizeof ifreq);
         strcpy(ifreq.ifr_name, "sk0");
 
         fd = socket(AF_INET, SOCK_DGRAM, 0);
         if (fd == -1)
                 err(1, "socket");
 
         sin = (struct sockaddr_in *)&ifreq.ifr_broadaddr;
        sin->sin_family = AF_INET;
        sin->sin_len = sizeof(*sin);
         if (ioctl(fd, OOSIOCGIFBRDADDR, &ifreq) == -1)
                 err(1, "OOSIOCGIFBRDADDR");
         printf("broadcast: %s\n", inet_ntoa(sin->sin_addr));
 
         close(fd);
        return 0;
 }
 


Home | Main Index | Thread Index | Old Index