Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/sys/net Pullup 1.16 [itojun]:
details: https://anonhg.NetBSD.org/src/rev/eadf59e6dbef
branches: netbsd-1-5
changeset: 489782:eadf59e6dbef
user: tv <tv%NetBSD.org@localhost>
date: Tue Oct 17 02:19:17 2000 +0000
description:
Pullup 1.16 [itojun]:
validate args to SIOC[SG]IFPHY* better.
diffstat:
sys/net/if_gif.c | 44 ++++++++++++++++++++++++++++++--------------
1 files changed, 30 insertions(+), 14 deletions(-)
diffs (105 lines):
diff -r 38462c8816a5 -r eadf59e6dbef sys/net/if_gif.c
--- a/sys/net/if_gif.c Tue Oct 17 02:16:44 2000 +0000
+++ b/sys/net/if_gif.c Tue Oct 17 02:19:17 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: if_gif.c,v 1.10.4.1 2000/06/20 21:04:26 itojun Exp $ */
-/* $KAME: if_gif.c,v 1.28 2000/06/20 12:30:03 jinmei Exp $ */
+/* $NetBSD: if_gif.c,v 1.10.4.2 2000/10/17 02:19:17 tv Exp $ */
+/* $KAME: if_gif.c,v 1.34 2000/10/07 03:58:53 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -504,6 +504,12 @@
&(((struct in_aliasreq *)data)->ifra_addr);
dst = (struct sockaddr *)
&(((struct in_aliasreq *)data)->ifra_dstaddr);
+ if (src->sa_len != sizeof(struct sockaddr_in) ||
+ dst->sa_len != sizeof(struct sockaddr_in))
+ return EINVAL;
+ if (src->sa_family != AF_INET ||
+ dst->sa_family != AF_INET)
+ return EAFNOSUPPORT;
break;
#ifdef INET6
case SIOCSIFPHYADDR_IN6:
@@ -511,6 +517,12 @@
&(((struct in6_aliasreq *)data)->ifra_addr);
dst = (struct sockaddr *)
&(((struct in6_aliasreq *)data)->ifra_dstaddr);
+ if (src->sa_len != sizeof(struct sockaddr_in6) ||
+ dst->sa_len != sizeof(struct sockaddr_in6))
+ return EINVAL;
+ if (src->sa_family != AF_INET6 ||
+ dst->sa_family != AF_INET6)
+ return EAFNOSUPPORT;
break;
#endif
}
@@ -621,25 +633,27 @@
goto bad;
}
src = sc->gif_psrc;
- switch (sc->gif_psrc->sa_family) {
+ switch (cmd) {
#ifdef INET
- case AF_INET:
+ case SIOCGIFPSRCADDR:
dst = &ifr->ifr_addr;
- size = sizeof(struct sockaddr_in);
+ size = sizeof(ifr->ifr_addr);
break;
#endif /* INET */
#ifdef INET6
- case AF_INET6:
+ case SIOCGIFPSRCADDR_IN6:
dst = (struct sockaddr *)
&(((struct in6_ifreq *)data)->ifr_addr);
- size = sizeof(struct sockaddr_in6);
+ size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
break;
#endif /* INET6 */
default:
error = EADDRNOTAVAIL;
goto bad;
}
- bcopy((caddr_t)src, (caddr_t)dst, size);
+ if (src->sa_len > size)
+ return EINVAL;
+ bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
break;
case SIOCGIFPDSTADDR:
@@ -651,25 +665,27 @@
goto bad;
}
src = sc->gif_pdst;
- switch (sc->gif_pdst->sa_family) {
+ switch (cmd) {
#ifdef INET
- case AF_INET:
+ case SIOCGIFPDSTADDR:
dst = &ifr->ifr_addr;
- size = sizeof(struct sockaddr_in);
+ size = sizeof(ifr->ifr_addr);
break;
#endif /* INET */
#ifdef INET6
- case AF_INET6:
+ case SIOCGIFPDSTADDR_IN6:
dst = (struct sockaddr *)
&(((struct in6_ifreq *)data)->ifr_addr);
- size = sizeof(struct sockaddr_in6);
+ size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
break;
#endif /* INET6 */
default:
error = EADDRNOTAVAIL;
goto bad;
}
- bcopy((caddr_t)src, (caddr_t)dst, size);
+ if (src->sa_len > size)
+ return EINVAL;
+ bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
break;
case SIOCSIFFLAGS:
Home |
Main Index |
Thread Index |
Old Index