On Fri, Aug 18, 2017 at 04:43:57PM +0800, JingPiao Chen wrote:
[...]
> +static bool
> +decode_ifla_address(struct tcb *const tcp,
> + const kernel_ulong_t addr,
> + const unsigned int len,
> + const void *const opaque_data)
> +{
> + const struct ifinfomsg *const ifinfo = opaque_data;
> + union {
> + struct in_addr a4;
> + struct in6_addr a6;
> + } addrbuf;
> + int af;
> + size_t size = 0;
> +
> + switch (ifinfo->ifi_type) {
> + case ARPHRD_TUNNEL:
> + case ARPHRD_SIT:
> + case ARPHRD_IPGRE:
> + af = AF_INET;
> + size = sizeof(addrbuf.a4);
> + break;
> + case ARPHRD_TUNNEL6:
> + af = AF_INET6;
> + size = sizeof(addrbuf.a6);
> + break;

This doesn't look correct, other types are also in use, just have a look at "strace -enetwork ip a".

> + }
> + if (!size || len < size) {
> + size_t i;
> + uint8_t buf;
> +
> + for (i = 0; i < len; i++) {
> + if (i)
> + tprints(":");
> + if (umove(tcp, addr + i, &buf) < 0) {
> + tprints("...");
> + break;
> + }
> + tprintf("%02x", buf);
> + }

This could be tricked into printing much more bytes than MAX_ADDR_LEN bytes supported by the kernel.

-- ldv