Page MenuHomeFreeBSD

ifconf(): correct handling of sockaddrs smaller than struct sockaddr.
ClosedPublic

Authored by brooks on Apr 5 2018, 10:18 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jan 19, 4:16 PM
Unknown Object (File)
Sat, Jan 11, 8:10 PM
Unknown Object (File)
Dec 23 2024, 1:32 AM
Unknown Object (File)
Dec 21 2024, 7:01 PM
Unknown Object (File)
Nov 29 2024, 12:10 PM
Unknown Object (File)
Nov 17 2024, 5:57 PM
Unknown Object (File)
Oct 31 2024, 3:23 AM
Unknown Object (File)
Oct 18 2024, 9:50 AM
Subscribers

Details

Summary

Portable programs that use SIOCGIFCONF (e.g. traceroute) assume that each pseudo
ifreq is of length MAX(sizeof(struct ifreq), sizeof(ifr_name) + ifr_addr.sa_len). For
short sockaddrs we copied too much from the source sockaddr resulting in a heap
leak.

I believe only one such sockaddr exists (struct sockaddr_sco which
is 8 bytes) and it is unclear if such sockaddrs end up on interfaces
in practice. If it did, the result would be an 8 byte heap leak on current architectures.

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 16019
Build 15998: arc lint + arc unit

Event Timeline

sys/net/if.c
3158

But is it correct to report larger sa_len than it is the expected size of the address family address ?

sys/net/if.c
3158

I misread the code I was looking at and you are correct that we should not alter the sa_len. I'll fix it.

brooks marked 2 inline comments as done.
  • Preserve the sa_len of short sockaddrs. I misread the traceroute code.

I've updated the commit message to reflect my revised understanding.

This revision is now accepted and ready to land.Apr 6 2018, 4:39 PM
This revision was automatically updated to reflect the committed changes.