diff options
author | Sebastian Hahn <sebastian@torproject.org> | 2015-02-12 14:56:47 +0100 |
---|---|---|
committer | Sebastian Hahn <sebastian@torproject.org> | 2015-02-12 14:56:47 +0100 |
commit | c8ce973dc7787b5fcf3fbe4527a45575b2fdf5d6 (patch) | |
tree | 141dc44e481839377204b299e36fb85cc528e8a4 | |
parent | 87a95b02363508dd6d9ce4094801c55d3b364ebf (diff) | |
download | tor-c8ce973dc7787b5fcf3fbe4527a45575b2fdf5d6.tar.gz tor-c8ce973dc7787b5fcf3fbe4527a45575b2fdf5d6.zip |
Avoid undefined behaviour in ifreq_to_smartlist
This could trigger where _SIZEOF_ADDR_IFREQ() might not return a
multiple of sizeof(void *). Fixes bug 14875; not in any released version
of Tor.
-rw-r--r-- | src/common/address.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/common/address.c b/src/common/address.c index 8cdcd84945..dbb92759d4 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -1383,17 +1383,24 @@ get_interface_addresses_win32(int severity) #define _SIZEOF_ADDR_IFREQ sizeof #endif -/** Convert <b>*ifr</b>, an ifreq structure array of size <b>buflen</b> +/** Convert <b>*buf</b>, an ifreq structure array of size <b>buflen</b>, * into smartlist of <b>tor_addr_t</b> structures. */ STATIC smartlist_t * -ifreq_to_smartlist(char *ifr, size_t buflen) +ifreq_to_smartlist(char *buf, size_t buflen) { smartlist_t *result = smartlist_new(); + char *end = buf + buflen; - struct ifreq *r = (struct ifreq *)ifr; + /* These acrobatics are due to alignment issues which trigger + * undefined behaviour traps on OSX. */ + struct ifreq *r = tor_malloc(IFREQ_SIZE); + + while (buf < end) { + /* Copy up to IFREQ_SIZE bytes into the struct ifreq, but don't overrun + * buf. */ + memcpy(r, buf, end - buf < IFREQ_SIZE ? end - buf : IFREQ_SIZE); - while ((char *)r < (char *)ifr+buflen) { const struct sockaddr *sa = &r->ifr_addr; tor_addr_t tmp; int valid_sa_family = (sa->sa_family == AF_INET || @@ -1404,9 +1411,10 @@ ifreq_to_smartlist(char *ifr, size_t buflen) if (valid_sa_family && conversion_success) smartlist_add(result, tor_memdup(&tmp, sizeof(tmp))); - r = (struct ifreq *)((char *)r + _SIZEOF_ADDR_IFREQ(*r)); + buf += _SIZEOF_ADDR_IFREQ(*r); } + tor_free(r); return result; } |