Date: Mon, 2 Feb 2004 19:34:59 -0800 (PST) From: Kelly Yancey <kbyanc@posi.net> To: Brooks Davis <brooks@one-eyed-alien.net> Cc: cvs-src@FreeBSD.org Subject: Re: cvs commit: src/sbin/ifconfig ifconfig.c ifconfig.h Message-ID: <20040202193230.D17866@gateway.posi.net> In-Reply-To: <20040131225013.GA14981@Odin.AC.HMC.Edu> References: <200401270143.i0R1hEIO011023@repoman.freebsd.org> <20040131201747.GO908@cirb503493.alcatel.com.au> <20040131225013.GA14981@Odin.AC.HMC.Edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 31 Jan 2004, Brooks Davis wrote:
> You are correct. I forgot about that issue. I'll commit this fix
> soon. On the plus side, this won't actually happen with real interfaces
> because the minimum size of sdl_data is larger then is actually needed
> by any interface I've found so in practice you will hit a NUL after the
> address.
>
I've never tried it, but in theory you could fill the sdl_data space with
source routing information on a token ring interface with a 6-character name.
One better, to the best of my knowledge, you can still corrupt the sdl_data
buffer in the same scenario with a 7-character interface name. That has
nothing to do with your change, though.
Kelly
--
Kelly Yancey - kbyanc@{posi.net,FreeBSD.org} - kelly@nttmcl.com
Visit the BSD driver database: http://www.posi.net/freebsd/drivers/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040202193230.D17866>