Permalink
Browse files

make ifindex2ifnet growing code safer. from iij seil team

  • Loading branch information...
1 parent 3225e39 commit ba7600fe685898d1eb02980037a3dc25caf76de8 itojun committed Oct 1, 2003
Showing with 20 additions and 11 deletions.
  1. +7 −4 freebsd2/sys/net/if.c
  2. +0 −1 freebsd3/sys/net/if.c
  3. +8 −4 netbsd/sys/net/if.c
  4. +5 −2 openbsd/sys/net/if.c
View
@@ -165,28 +165,31 @@ if_attach(ifp)
* struct ifnet **ifindex2ifnet
*/
if (ifnet_addrs == 0 || ifindex2ifnet == 0 || if_index >= if_indexlim) {
- size_t n;
+ size_t m, n, oldlim;
caddr_t q;
- while(if_index >= if_indexlim)
+ oldlim = if_indexlim;
+ while (if_index >= if_indexlim)
if_indexlim <<= 1;
/* grow ifnet_addrs */
+ m = oldlim * sizeof(ifa);
n = if_indexlim * sizeof(ifa);
q = (caddr_t)malloc(n, M_IFADDR, M_WAITOK);
bzero(q, n);
if (ifnet_addrs) {
- bcopy((caddr_t)ifnet_addrs, q, n/2);
+ bcopy((caddr_t)ifnet_addrs, q, m);
free((caddr_t)ifnet_addrs, M_IFADDR);
}
ifnet_addrs = (struct ifaddr **)q;
/* grow ifindex2ifnet */
+ n = oldlim * sizeof(struct ifnet *);
n = if_indexlim * sizeof(struct ifnet *);
q = (caddr_t)malloc(n, M_IFADDR, M_WAITOK);
bzero(q, n);
if (ifindex2ifnet) {
- bcopy((caddr_t)ifindex2ifnet, q, n/2);
+ bcopy((caddr_t)ifindex2ifnet, q, m);
free((caddr_t)ifindex2ifnet, M_IFADDR);
}
ifindex2ifnet = (struct ifnet **)q;
View
@@ -176,7 +176,6 @@ if_attach(ifp)
LIST_INIT(&ifp->if_multiaddrs);
getmicrotime(&ifp->if_lastchange);
if (ifnet_addrs == 0 || if_index >= if_indexlim) {
- unsigned n;
caddr_t q;
if_indexlim <<= 1;
View
@@ -362,7 +362,8 @@ if_attach(ifp)
if (ifindex2ifnet == 0)
if_index++;
else
- while (ifindex2ifnet[ifp->if_index] != NULL) {
+ while (ifp->if_index < if_indexlim &&
+ ifindex2ifnet[ifp->if_index] != NULL) {
++if_index;
if (if_index == 0)
if_index = 1;
@@ -397,28 +398,31 @@ if_attach(ifp)
*/
if (ifnet_addrs == 0 || ifindex2ifnet == 0 ||
ifp->if_index >= if_indexlim) {
- size_t n;
+ size_t m, n, oldlim;
caddr_t q;
+ oldlim = if_indexlim;
while (ifp->if_index >= if_indexlim)
if_indexlim <<= 1;
/* grow ifnet_addrs */
+ m = oldlim * sizeof(struct ifaddr *);
n = if_indexlim * sizeof(struct ifaddr *);
q = (caddr_t)malloc(n, M_IFADDR, M_WAITOK);
memset(q, 0, n);
if (ifnet_addrs) {
- bcopy((caddr_t)ifnet_addrs, q, n/2);
+ bcopy((caddr_t)ifnet_addrs, q, m);
free((caddr_t)ifnet_addrs, M_IFADDR);
}
ifnet_addrs = (struct ifaddr **)q;
/* grow ifindex2ifnet */
+ m = oldlim * sizeof(struct ifnet *);
n = if_indexlim * sizeof(struct ifnet *);
q = (caddr_t)malloc(n, M_IFADDR, M_WAITOK);
memset(q, 0, n);
if (ifindex2ifnet) {
- bcopy((caddr_t)ifindex2ifnet, q, n/2);
+ bcopy((caddr_t)ifindex2ifnet, q, m);
free((caddr_t)ifindex2ifnet, M_IFADDR);
}
ifindex2ifnet = (struct ifnet **)q;
View
@@ -167,25 +167,28 @@ if_attachsetup(ifp)
size_t n;
caddr_t q;
+ oldlim = if_indexlim;
while (if_index >= if_indexlim)
if_indexlim <<= 1;
/* grow ifnet_addrs */
+ m = oldlim * sizeof(ifa);
n = if_indexlim * sizeof(ifa);
q = (caddr_t)malloc(n, M_IFADDR, M_WAITOK);
bzero(q, n);
if (ifnet_addrs) {
- bcopy((caddr_t)ifnet_addrs, q, n/2);
+ bcopy((caddr_t)ifnet_addrs, q, m);
free((caddr_t)ifnet_addrs, M_IFADDR);
}
ifnet_addrs = (struct ifaddr **)q;
/* grow ifindex2ifnet */
+ m = oldlim * sizeof(struct ifnet *);
n = if_indexlim * sizeof(struct ifnet *);
q = (caddr_t)malloc(n, M_IFADDR, M_WAITOK);
bzero(q, n);
if (ifindex2ifnet) {
- bcopy((caddr_t)ifindex2ifnet, q, n/2);
+ bcopy((caddr_t)ifindex2ifnet, q, m);
free((caddr_t)ifindex2ifnet, M_IFADDR);
}
ifindex2ifnet = (struct ifnet **)q;

0 comments on commit ba7600f

Please sign in to comment.