CyberLeo.Net >> Repos - FreeBSD/stable/10.git/commit

MFC r332151:

ifconf(): correct handling of sockaddrs smaller than struct sockaddr.

Portable programs that use SIOCGIFCONF (e.g. traceroute) assume
that each pseudo ifreq is of length MAX(sizeof(struct ifreq),
sizeof(ifr_name) + ifr_addr.sa_len). For short sockaddrs we copied
too much from the source sockaddr resulting in a heap leak.

I believe only one such sockaddr exists (struct sockaddr_sco which
is 8 bytes) and it is unclear if such sockaddrs end up on interfaces
in practice. If it did, the result would be an 8 byte heap leak on
current architectures.

admbugs: 869
Reviewed by: kib
Obtained from: CheriBSD
Security: kernel heap leak
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D14981

git-svn-id: svn://svn.freebsd.org/base/stable/10@332332 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

author	brooks <brooks@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Mon, 9 Apr 2018 16:32:49 +0000 (16:32 +0000)
committer	brooks <brooks@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Mon, 9 Apr 2018 16:32:49 +0000 (16:32 +0000)
commit	6de98d7d82d2c87a72bc604fd2b4431d6e95b85b
tree	8ac8ac3aae406b3486dd0ceecd60c968af9c62d7	tree \| snapshot
parent	74941d6079cb497ba4c14cb63ab69df076981a3c	commit \| diff