authorajs <ajs>2005-07-26 19:55:31 +0000
committerajs <ajs>2005-07-26 19:55:31 +0000
commit7907c6c9d34a4f19dd7d4d8d81c3c8ae5000ee07 (patch)
treec57450ba246a26d4c37f1c2339b977d8293ee04d
parent330009f7b3742462ebd90f9c16f1ab734344b68c (diff)
2005-07-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* prefix.c: (prefix_ipv4_new, prefix_ipv6_new): Call prefix_new to allocate the memory to make sure that all struct prefix pointers point to objects of the same length (avoids memory overruns on struct prefix assignments). (prefix_ipv4_free, prefix_ipv6_free): Simply call prefix_free. It is interesting to note that these functions are never actually called anywhere in the code. Instead prefix_free was already being called directly, despite the previous MTYPE incompatibility. [backport candidate]
-rw-r--r--lib/ChangeLog10
-rw-r--r--lib/prefix.c13
2 files changed, 19 insertions, 4 deletions
diff --git a/lib/ChangeLog b/lib/ChangeLog
index f67f2c1e..42e80bd2 100644
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,4 +1,14 @@
2005-07-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
+ * prefix.c: (prefix_ipv4_new, prefix_ipv6_new): Call prefix_new
+ to allocate the memory to make sure that all struct prefix pointers
+ point to objects of the same length (avoids memory overruns
+ on struct prefix assignments).
+ (prefix_ipv4_free, prefix_ipv6_free): Simply call prefix_free.
+ It is interesting to note that these functions are never actually
+ called anywhere in the code. Instead prefix_free was already
+ being called directly, despite the previous MTYPE incompatibility.
+
+2005-07-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* prefix.c: (ip_masklen) While loop should test that 'pnt' pointer is
in range before dereferencing it.
diff --git a/lib/prefix.c b/lib/prefix.c
index 1806ac49..c6922036 100644
--- a/lib/prefix.c
+++ b/lib/prefix.c
@@ -199,7 +199,10 @@ prefix_ipv4_new ()
{
struct prefix_ipv4 *p;
- p = XCALLOC (MTYPE_PREFIX_IPV4, sizeof *p);
+ /* Call prefix_new to allocate a full-size struct prefix to avoid problems
+ where the struct prefix_ipv4 is cast to struct prefix and unallocated
+ bytes were being referenced (e.g. in structure assignments). */
+ p = (struct prefix_ipv4 *)prefix_new();
p->family = AF_INET;
return p;
}
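Review bot: The cast `(struct prefix_ipv4 *)prefix_new()` closes the over-read only for objects that come from this constructor. A `struct prefix_ipv4` declared on the stack or embedded in another structure, and later accessed through a `struct prefix` pointer, would presumably still be shorter than what a structure assignment reads. The added comment could state that limit, e.g. `/* Only objects from prefix_new are full size; never copy other prefix_ipv4 objects with *dst = *src through a struct prefix pointer. */`. The new code also relies on prefix_new zero-filling the object as the removed XCALLOC did, which this hunk does not show and is worth confirming. Both points apply equally to prefix_ipv6_new in the third hunk, whose comment is vaguer than this one.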
@@ -208,7 +211,7 @@ prefix_ipv4_new ()
void
prefix_ipv4_free (struct prefix_ipv4 *p)
{
- XFREE (MTYPE_PREFIX_IPV4, p);
+ prefix_free((struct prefix *)p);
}
/* When string format is invalid return 0. */
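Review bot: With `prefix_free((struct prefix *)p)` here and in prefix_ipv6_free (fourth hunk), nothing in the visible hunks allocates or frees under MTYPE_PREFIX_IPV4 or MTYPE_PREFIX_IPV6 any more. If code elsewhere still allocates with those types and releases through these functions, the per-type memory accounting would presumably be charged to one type and credited to another. The remaining users should be checked, and the two memtypes removed if none are left. A short comment such as `/* Object comes from prefix_new, so release it through prefix_free under the same MTYPE. */` would record why the cast is correct.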
@@ -348,7 +351,9 @@ prefix_ipv6_new (void)
{
struct prefix_ipv6 *p;
- p = XCALLOC (MTYPE_PREFIX_IPV6, sizeof (struct prefix_ipv6));
+ /* Allocate a full-size struct prefix to avoid problems with structure
+ size mismatches. */
+ p = (struct prefix_ipv6 *)prefix_new();
p->family = AF_INET6;
return p;
}
@@ -357,7 +362,7 @@ prefix_ipv6_new (void)
void
prefix_ipv6_free (struct prefix_ipv6 *p)
{
- XFREE (MTYPE_PREFIX_IPV6, p);
+ prefix_free((struct prefix *)p);
}
/* If given string is valid return pin6 else return NULL */