Hi Linus, hi Dave, hi others,
  today I found that one of my programs is not
able to find all interfaces. The program first computes
the needed space by calling SIOCGIFCONF with size=64KB and
buffer=NULL, then allocates the required space and calls
SIOCGIFCONF again, now with the buffer address filled in.
  I've found that there is a bug in linux/net/ipv4/devinet.c,
introduced when someone optimized the inet_gifconf function.
It now (in 2.3.x):
  (1) returns interfaces*sizeof(void*) instead of
      interfaces*sizeof(struct ifreq) and
  (2) can overrun the buffer, because the check
      for enough space is done against sizeof(void*)
      instead of sizeof(struct ifreq).
  The patch is against 2.3.13-pre8. The 2.2.x branch is unaffected.
                        Best regards,
                                Petr Vandrovec
                                [EMAIL PROTECTED]

P.S.: I'm now at home and I did not find Alexey's email :-(
--- linux/net/ipv4/devinet.c.orig       Sat Jun 12 22:23:15 1999
+++ linux/net/ipv4/devinet.c    Sat Aug  7 18:06:08 1999
@@ -615,10 +615,10 @@
 
        for ( ; ifa; ifa = ifa->ifa_next) {
                if (!ifr) {
-                       done += sizeof(ifr);
+                       done += sizeof(*ifr);
                        continue;
                }
-               if (len < (int) sizeof(ifr))
+               if (len < (int) sizeof(*ifr))
                        return done;
                memset(ifr, 0, sizeof(struct ifreq));
                if (ifa->ifa_label)
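
Review bot: the two corrected lines now size by `sizeof(*ifr)`, while the `memset(ifr, 0, sizeof(struct ifreq))` in the context line directly below spells the same quantity differently. Since the bug came from confusing the pointer's size with the structure's size, it would be safer to use one spelling in all three places (either `sizeof(*ifr)` or `sizeof(struct ifreq)` throughout), so the space check, the byte count added to `done`, and the number of bytes cleared cannot drift apart again. A one-line comment above the `if (!ifr)` branch stating that a NULL buffer means "count only, in units of struct ifreq" would also document the contract that the two-call SIOCGIFCONF pattern described in the message relies on.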
