Date:      Sun, 29 Oct 2006 21:15:44 GMT
From:      "Christian S.J. Peron" <csjp@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 108692 for review
Message-ID:  <200610292115.k9TLFiGr026668@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=108692

Change 108692 by csjp@csjp_xor on 2006/10/29 21:14:45

	Change the type of ar_arg_sockaddr from struct sockaddr to struct sockaddr_storage.
	This structure is defined in RFC 2553 and is a more semantically correct structure
	for holding IP and IP6 sockaddr information. struct sockaddr is not big enough to
	hold all the required information for IP6, resulting in truncated addresses et al
	when auditing IP6 sockaddr information.
	
	We also need to assume that the sa->sa_len has been validated before the call to
	audit_arg_sockaddr() is made, otherwise it could result in a buffer overflow.
	
	This is being done to accommodate auditing of network related arguments (like connect,
	bind et al) that will be added soon.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#22 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#35 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#22 (text+ko) ====

@@ -417,8 +417,7 @@
 	if (ar == NULL)
 		return;
 
-	bcopy(sa, &ar->k_ar.ar_arg_sockaddr,
-	    sizeof(ar->k_ar.ar_arg_sockaddr));
+	bcopy(sa, &ar->k_ar.ar_arg_sockaddr, sa->sa_len);
 	switch (sa->sa_family) {
 	case AF_INET:
 		ARG_SET_VALID(ar, ARG_SADDRINET);
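
Review bot: the new bcopy() length, sa->sa_len, comes from the source sockaddr and is not checked against sizeof(ar->k_ar.ar_arg_sockaddr) anywhere in this hunk, so the bound rests entirely on the caller contract described in the commit message. Suggest enforcing it at the copy, for example with a KASSERT(sa->sa_len <= sizeof(ar->k_ar.ar_arg_sockaddr), ...) or an early return when sa_len is larger, so that a future caller passing an unvalidated length cannot write past the field. Copying only sa_len bytes also leaves the tail of the sockaddr_storage untouched; if the record is not zeroed before this point (not visible here), a bzero() of the field before the copy would keep stale bytes out of the audit record.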

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#35 (text+ko) ====

@@ -208,7 +208,6 @@
 	u_int			ar_arg_signum;
 	char			ar_arg_login[MAXLOGNAME];
 	int			ar_arg_ctlname[CTL_MAXNAME];
-	struct sockaddr		ar_arg_sockaddr;
 	struct socket_au_info	ar_arg_sockinfo;
 	char			*ar_arg_upath1;
 	char			*ar_arg_upath2;
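
Review bot: the removed ar_arg_sockaddr member sat directly before ar_arg_sockinfo, and dropping it here to re-add it at the end of the structure changes the member order as well as the type. If only the type change is intended, replacing the declaration in place keeps the socket-related fields together and reduces the header diff to one line; if the move is deliberate, the commit message should say why.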
@@ -230,6 +229,7 @@
 	int			ar_arg_envc;
 	int			ar_arg_exitstatus;
 	int			ar_arg_exitretval;
+	struct sockaddr_storage ar_arg_sockaddr;
 };
 
 /*
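
Review bot: the added "struct sockaddr_storage ar_arg_sockaddr;" line separates type and name with a single space where the surrounding members use tabs, so the column alignment is off. It would also help to put a short comment on the field stating that audit_arg_sockaddr() copies sa->sa_len bytes into it and that callers must have validated sa_len against its size, since that invariant is currently recorded only in the commit message.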


