aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSebastian Hahn <sebastian@torproject.org>2015-02-12 14:56:47 +0100
committerSebastian Hahn <sebastian@torproject.org>2015-02-12 14:56:47 +0100
commitc8ce973dc7787b5fcf3fbe4527a45575b2fdf5d6 (patch)
tree141dc44e481839377204b299e36fb85cc528e8a4
parent87a95b02363508dd6d9ce4094801c55d3b364ebf (diff)
downloadtor-c8ce973dc7787b5fcf3fbe4527a45575b2fdf5d6.tar.gz
tor-c8ce973dc7787b5fcf3fbe4527a45575b2fdf5d6.zip
Avoid undefined behaviour in ifreq_to_smartlist
This could trigger where _SIZEOF_ADDR_IFREQ() might not return a multiple of sizeof(void *). Fixes bug 14875; not in any released version of Tor.
-rw-r--r--src/common/address.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/common/address.c b/src/common/address.c
index 8cdcd84945..dbb92759d4 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1383,17 +1383,24 @@ get_interface_addresses_win32(int severity)
#define _SIZEOF_ADDR_IFREQ sizeof
#endif
-/** Convert <b>*ifr</b>, an ifreq structure array of size <b>buflen</b>
+/** Convert <b>*buf</b>, an ifreq structure array of size <b>buflen</b>,
* into smartlist of <b>tor_addr_t</b> structures.
*/
STATIC smartlist_t *
-ifreq_to_smartlist(char *ifr, size_t buflen)
+ifreq_to_smartlist(char *buf, size_t buflen)
{
smartlist_t *result = smartlist_new();
+ char *end = buf + buflen;
- struct ifreq *r = (struct ifreq *)ifr;
+ /* These acrobatics are due to alignment issues which trigger
+ * undefined behaviour traps on OSX. */
+ struct ifreq *r = tor_malloc(IFREQ_SIZE);
+
+ while (buf < end) {
+ /* Copy up to IFREQ_SIZE bytes into the struct ifreq, but don't overrun
+ * buf. */
+ memcpy(r, buf, end - buf < IFREQ_SIZE ? end - buf : IFREQ_SIZE);
- while ((char *)r < (char *)ifr+buflen) {
const struct sockaddr *sa = &r->ifr_addr;
tor_addr_t tmp;
int valid_sa_family = (sa->sa_family == AF_INET ||
@@ -1404,9 +1411,10 @@ ifreq_to_smartlist(char *ifr, size_t buflen)
if (valid_sa_family && conversion_success)
smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
- r = (struct ifreq *)((char *)r + _SIZEOF_ADDR_IFREQ(*r));
+ buf += _SIZEOF_ADDR_IFREQ(*r);
}
+ tor_free(r);
return result;
}