diff options
author | ajs <ajs> | 2005-07-26 19:55:31 +0000 |
---|---|---|
committer | ajs <ajs> | 2005-07-26 19:55:31 +0000 |
commit | 7907c6c9d34a4f19dd7d4d8d81c3c8ae5000ee07 (patch) | |
tree | c57450ba246a26d4c37f1c2339b977d8293ee04d /lib | |
parent | 330009f7b3742462ebd90f9c16f1ab734344b68c (diff) |
2005-07-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* prefix.c: (prefix_ipv4_new, prefix_ipv6_new): Call prefix_new
to allocate the memory to make sure that all struct prefix pointers
point to objects of the same length (avoids memory overruns
on struct prefix assignments).
(prefix_ipv4_free, prefix_ipv6_free): Simply call prefix_free.
It is interesting to note that these functions are never actually
called anywhere in the code. Instead prefix_free was already
being called directly, despite the previous MTYPE incompatibility.
[backport candidate]
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ChangeLog | 10 | ||||
-rw-r--r-- | lib/prefix.c | 13 |
2 files changed, 19 insertions, 4 deletions
diff --git a/lib/ChangeLog b/lib/ChangeLog index f67f2c1e..42e80bd2 100644 --- a/lib/ChangeLog +++ b/lib/ChangeLog @@ -1,4 +1,14 @@ 2005-07-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu> + * prefix.c: (prefix_ipv4_new, prefix_ipv6_new): Call prefix_new + to allocate the memory to make sure that all struct prefix pointers + point to objects of the same length (avoids memory overruns + on struct prefix assignments). + (prefix_ipv4_free, prefix_ipv6_free): Simply call prefix_free. + It is interesting to note that these functions are never actually + called anywhere in the code. Instead prefix_free was already + being called directly, despite the previous MTYPE incompatibility. + +2005-07-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu> * prefix.c: (ip_masklen) While loop should test that 'pnt' pointer is in range before dereferencing it. diff --git a/lib/prefix.c b/lib/prefix.c index 1806ac49..c6922036 100644 --- a/lib/prefix.c +++ b/lib/prefix.c @@ -199,7 +199,10 @@ prefix_ipv4_new () { struct prefix_ipv4 *p; - p = XCALLOC (MTYPE_PREFIX_IPV4, sizeof *p); + /* Call prefix_new to allocate a full-size struct prefix to avoid problems + where the struct prefix_ipv4 is cast to struct prefix and unallocated + bytes were being referenced (e.g. in structure assignments). */ + p = (struct prefix_ipv4 *)prefix_new(); p->family = AF_INET; return p; } @@ -208,7 +211,7 @@ prefix_ipv4_new () void prefix_ipv4_free (struct prefix_ipv4 *p) { - XFREE (MTYPE_PREFIX_IPV4, p); + prefix_free((struct prefix *)p); } /* When string format is invalid return 0. */ @@ -348,7 +351,9 @@ prefix_ipv6_new (void) { struct prefix_ipv6 *p; - p = XCALLOC (MTYPE_PREFIX_IPV6, sizeof (struct prefix_ipv6)); + /* Allocate a full-size struct prefix to avoid problems with structure + size mismatches. */ + p = (struct prefix_ipv6 *)prefix_new(); p->family = AF_INET6; return p; } @@ -357,7 +362,7 @@ prefix_ipv6_new (void) void prefix_ipv6_free (struct prefix_ipv6 *p) { - XFREE (MTYPE_PREFIX_IPV6, p); + prefix_free((struct prefix *)p); } /* If given string is valid return pin6 else return NULL */ |