summaryrefslogtreecommitdiff
path: root/zebra/kernel_null.c
diff options
context:
space:
mode:
authorDoug VanLeuven <roamdad@sonic.net>2012-10-10 16:11:36 -0700
committerDavid Lamparter <equinox@opensourcerouting.org>2012-11-05 11:12:08 -0500
commita05df8fd279e4af0f077de181fb6c4e7d7174267 (patch)
tree3b29c8d00b70dfbf9f9ff8ab90c29b970d0aea33 /zebra/kernel_null.c
parent3b33de676ac8e84b82f40520ecd0f4722e16b349 (diff)
zebra: kernel_socket: fix overflow in RTA_ADDR & RTA_ATTR
In zebra/kernel_socket.c, copying sockaddr from *_msghdr: There are really 2 different lengths that need to be determined. 1) the length required to point to the next sockaddr in the mesg buffer which might include any required padding and 2) the actual length of the sockaddr data that needs to be copied into the destination field. They may or may not be the same value. Sizeof sockaddr_in6 is 28, which to pad for alignment purposes on 32 bit systems with a long of 4 bytes is evenly divided and requires no padding. On 64 bit systems, with a long of 8 it is padded with 4 extra bytes.So the current RTA_* macros are copying 32 bytes into a 28 byte field on 64 bitsystems, where the field overflow did not occur on the 32 bit systems. Since using sa_len required the use of an #ifdef which couldn't be used directly inside a #define, it made sense to move the copy into the function to allow typdef checking throughout and eliminate the hack to suppress compiler warnings. Fixed declaration of cp in ifm_read after compiler noticed type mismatch. Tested on 64bit OS X 10.7, FreeBSD 9.0 amd64 & i386 (32bit) using gcc & clang Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Diffstat (limited to 'zebra/kernel_null.c')
0 files changed, 0 insertions, 0 deletions