Subject: ifp->if_addrlen uninitialized in if_attach()
To: None <tech-net@netbsd.org>
From: Andreas Johansson <ajo@wopr.campus.luth.se>
List: tech-net
Date: 08/25/1999 11:01:04
Hello!

I have discovered a potential problem in NetBSD 1.3 & 1.4. The problem is
that if_attach() in net/if.c uses the mac address size ifp->if_addrlen to
set up the size of the interface's sockaddr_dl structure like this:

        namelen = strlen(ifp->if_xname);
        masklen = offsetof(struct sockaddr_dl, sdl_data[0]) + namelen;
        socksize = masklen + ifp->if_addrlen;
#define ROUNDUP(a) (1 + (((a) - 1) | (sizeof(long) - 1)))
        if (socksize < sizeof(*sdl))
                socksize = sizeof(*sdl);
        socksize = ROUNDUP(socksize);
        [...]
        sdl->sdl_len = socksize;

But unfortunately, ifp->if_addrlen is set up in ether_ifattach() (or the
corresponding function for other interface types). This function must be
called after if_attach(), and therefore if_addrlen is uninitialized by the
time if_attach() uses it.

The result of this is that only the interface name is used in the size
calculation of the sdl that contains both the name and the mac address.
There is, however, a minimum data size of 12 bytes in the sockaddr_dl, and
therefore this code works for most cases anyway. In the case of an
ethernet interface, interfaces that have a name less than 7 characters will
work as the sdl will not exceed the minimum size. The limitation of
if_xname is 15 characters + null termination, so it is possible to create
interface names that make NetBSD fail. It would be even easier for
interface types that have longer mac addresses.

/Andreas
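As an added illustration (not code from the message or from NetBSD), the size arithmetic quoted above replayed in user space against a struct laid out like sockaddr_dl. It assumes a 4-byte long for ROUNDUP, models the uninitialized if_addrlen as 0, and uses constructed interface names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Host-side replica of the sockaddr_dl layout (constructed for this example;
 * field order and the 12-byte sdl_data minimum match what the message describes). */
struct sockaddr_dl {
    unsigned char  sdl_len;
    unsigned char  sdl_family;
    unsigned short sdl_index;
    unsigned char  sdl_type;
    unsigned char  sdl_nlen;
    unsigned char  sdl_alen;
    unsigned char  sdl_slen;
    char           sdl_data[12];
};

/* The rounding macro from if_attach(), with the alignment made a parameter
 * so the result does not depend on the host's sizeof(long). */
#define ROUNDUP(a, align) (1 + (((a) - 1) | ((align) - 1)))

/* Size if_attach() allocates for the sdl, given the if_addrlen value it sees.
 * Passing 0 models the uninitialized field (an assumption: real garbage varies). */
size_t sdl_alloc_size(const char *ifname, size_t if_addrlen_seen, size_t align)
{
    size_t namelen  = strlen(ifname);
    size_t masklen  = offsetof(struct sockaddr_dl, sdl_data[0]) + namelen;
    size_t socksize = masklen + if_addrlen_seen;
    if (socksize < sizeof(struct sockaddr_dl))
        socksize = sizeof(struct sockaddr_dl);
    return ROUNDUP(socksize, align);
}

/* Bytes actually needed once ether_ifattach() stores the real address after the name. */
size_t sdl_bytes_needed(const char *ifname, size_t real_addrlen)
{
    return offsetof(struct sockaddr_dl, sdl_data[0]) + strlen(ifname) + real_addrlen;
}

/* 1 when a buffer sized with if_addrlen == 0 cannot hold name + address. */
int sdl_undersized(const char *ifname, size_t real_addrlen, size_t align)
{
    return sdl_bytes_needed(ifname, real_addrlen) > sdl_alloc_size(ifname, 0, align);
}

int main(void)
{
    const char *names[] = { "le0", "tlp123", "fxp1234", "myverylongif99" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-16s needed=%2zu allocated=%2zu %s\n", names[i],
               sdl_bytes_needed(names[i], 6), sdl_alloc_size(names[i], 0, 4),
               sdl_undersized(names[i], 6, 4) ? "UNDERSIZED" : "ok");
    return 0;
}
```

With a 6-byte ethernet address, the 6-character name still fits in the 20-byte minimum while the 7-character name needs 21 bytes, which is the boundary the message describes.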