Date: Thu, 30 Mar 2000 08:30:03 -0800 (PST)
From: "Patrick Bihan-Faou" <patrick@mindstep.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/17492: There is a bug in SIOCGIFCONF ioctl code
Message-ID: <200003301630.IAA35471@freefall.freebsd.org>

The following reply was made to PR kern/17492; it has been noted by GNATS.

From: "Patrick Bihan-Faou" <patrick@mindstep.com>
To: <freebsd-gnats-submit@FreeBSD.org>, <alo@iki.fi>
Cc:
Subject: Re: kern/17492: There is a bug in SIOCGIFCONF ioctl code
Date: Thu, 30 Mar 2000 11:27:41 -0500

This bug is the same as described in PR kern/17311.

Basically what goes wrong is that the variable "space" can be decremented too much, resulting in a negative number. Then, when you do a compare between space and sizeof(xxx) to verify if there is enough room for the next interface config structure, the comparison succeeds because the "signed" int (space) gets silently cast to an "unsigned" int (which of course is fairly large).

PR 17311 contains a more complete fix than just changing all sizeof(xxx) to (int)sizeof(xxx), which may result in incomplete structures being copied over.

Patrick.
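
The comparison described in the message above, as an added C example that is not part of the original e-mail and does not reproduce the kernel source or the patch in PR 17311. `struct rec`, the sample lengths and all function names are constructed for illustration; the loop only counts the bytes it would emit and copies nothing.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins, not the kernel's structures. */
#define NAME_LEN 16   /* fixed name part of a record */
#define ADDR_LEN 16   /* nominal address size included in struct rec */
struct rec { char name[NAME_LEN]; char addr[ADDR_LEN]; };

/* Constructed input: the second address is 12 bytes longer than nominal. */
static const int SAMPLE_LENS[] = { 16, 28, 16 };

/*
 * Mixed comparison. Writing `space < sizeof(struct rec)` makes the compiler
 * convert the int to size_t; the cast spells that conversion out.
 * A negative space becomes a huge value, so "no room" is never reported.
 */
static int no_room_mixed(int space)
{
    return (size_t)space < sizeof(struct rec);
}

/* Signed comparison: a negative space is smaller than any record. */
static int no_room_signed(int space)
{
    return space < (int)sizeof(struct rec);
}

/* Bytes a copy loop would emit into a buffer of buflen bytes. */
static long emitted(int buflen, const int *addr_lens, int n, int (*no_room)(int))
{
    int space = buflen;
    long out = 0;
    for (int i = 0; i < n; i++) {
        int extra = addr_lens[i] > ADDR_LEN ? addr_lens[i] - ADDR_LEN : 0;
        space -= extra;                 /* oversized address: may go negative */
        if (no_room(space))
            break;
        out += (long)sizeof(struct rec) + extra;
        space -= (int)sizeof(struct rec);
    }
    return out;
}

int main(void)
{
    printf("mixed:  %ld bytes for a 40-byte buffer\n",
           emitted(40, SAMPLE_LENS, 3, no_room_mixed));
    printf("signed: %ld bytes for a 40-byte buffer\n",
           emitted(40, SAMPLE_LENS, 3, no_room_signed));
    return 0;
}
```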