ifconf(): correct handling of sockaddrs smaller than struct sockaddr.
Closed, Public

Authored by brooks on Apr 5 2018, 10:18 PM.

Details

Summary

Portable programs that use SIOCGIFCONF (e.g. traceroute) assume that each pseudo
ifreq is of length MAX(sizeof(struct ifreq), sizeof(ifr_name) + ifr_addr.sa_len). For
short sockaddrs we copied too much from the source sockaddr resulting in a heap
leak.

I believe only one such sockaddr exists (struct sockaddr_sco which
is 8 bytes) and it is unclear if such sockaddrs end up on interfaces
in practice. If they did, the result would be an 8 byte heap leak on current architectures.
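
The stride rule and the over-copy described in the summary, modelled in userland as an added example (not the FreeBSD code or the patch under review). `struct xsockaddr`, `struct xifreq` and all function names are hypothetical stand-ins, and the `0xAA` bytes are a constructed marker for neighbouring heap data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the BSD layouts (assumed: 16-byte sockaddr with sa_len). */
struct xsockaddr { uint8_t sa_len; uint8_t sa_family; char sa_data[14]; };
struct xifreq    { char ifr_name[16]; struct xsockaddr ifr_addr; };

/* Stride a portable SIOCGIFCONF consumer uses to step to the next entry. */
size_t entry_stride(const struct xifreq *ifr)
{
    size_t var = sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len;
    return var > sizeof(*ifr) ? var : sizeof(*ifr);
}

/* bounded=0: over-copy, always reads a full struct sockaddr from src.
 * bounded=1: zero the slot and copy only sa_len bytes; sa_len is unchanged. */
void fill_entry(struct xifreq *out, const char *name, const uint8_t *src, int bounded)
{
    size_t n = sizeof(out->ifr_addr);
    if (bounded && src[0] < n)
        n = src[0];
    memset(out, 0, sizeof(*out));
    strncpy(out->ifr_name, name, sizeof(out->ifr_name) - 1);
    memcpy(&out->ifr_addr, src, n);
}

/* Count bytes past sa_len in the address slot that carry non-zero data. */
size_t stale_bytes(const struct xifreq *ifr)
{
    const uint8_t *p = (const uint8_t *)&ifr->ifr_addr;
    size_t n = 0;
    for (size_t i = ifr->ifr_addr.sa_len; i < sizeof(ifr->ifr_addr); i++)
        n += (p[i] != 0);
    return n;
}

/* Constructed input: an 8-byte sockaddr followed by 8 bytes of neighbouring heap data. */
size_t run_demo(int bounded)
{
    uint8_t heap[16];
    struct xifreq ifr;
    memset(heap, 0xAA, sizeof(heap));   /* marker for unrelated heap contents */
    heap[0] = 8; heap[1] = 36;          /* sa_len = 8; family value is arbitrary */
    memset(heap + 2, 0, 6);             /* the short sockaddr's own payload */
    fill_entry(&ifr, "if0", heap, bounded);
    return stale_bytes(&ifr);
}
```

`run_demo(0)` reports how many marker bytes ended up in the entry handed to the consumer; `run_demo(1)` shows the same entry with the slot zero-padded and `sa_len` still 8, so the consumer's stride is unchanged.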

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 16003
Build 15985: arc lint + arc unit

Event Timeline

sys/net/if.c
3158

But is it correct to report a larger sa_len than the expected size of the address family address?

sys/net/if.c
3158

I misread the code I was looking at and you are correct that we should not alter the sa_len. I'll fix it.

brooks marked 2 inline comments as done.
  • Preserve the sa_len of short sockaddrs. I misread the traceroute code.

I've updated the commit message to reflect my revised understanding.

This revision is now accepted and ready to land. Apr 6 2018, 4:39 PM
This revision was automatically updated to reflect the committed changes.