Author: glebius
Date: Sun Jul 24 10:10:09 2016
New Revision: 303263
URL: https://svnweb.freebsd.org/changeset/base/303263
Log:
Partially revert r257696/r257713, which have an issue with writing to user
controlled address. Restore the old code that emulated OSIOCGIFCONF in if.c.
Noticed by: C Turt
Modified:
head/sys/compat/svr4/svr4_sockio.c
head/sys/net/if.c
Modified: head/sys/compat/svr4/svr4_sockio.c
==============================================================================
--- head/sys/compat/svr4/svr4_sockio.c Sun Jul 24 10:00:29 2016
(r303262)
+++ head/sys/compat/svr4/svr4_sockio.c Sun Jul 24 10:10:09 2016
(r303263)
@@ -73,6 +73,8 @@ bsd_to_svr4_flags(bf)
return sf;
}
+#define OSIOCGIFCONF _IOWR('i', 20, struct ifconf)
+
int
svr4_sock_ioctl(fp, td, retval, fd, cmd, data)
struct file *fp;
@@ -144,7 +146,6 @@ svr4_sock_ioctl(fp, td, retval, fd, cmd,
case SVR4_SIOCGIFCONF:
{
struct svr4_ifconf sc;
- struct ifconf *ifc;
if ((error = copyin(data, &sc, sizeof(sc))) != 0)
return error;
@@ -153,19 +154,9 @@ svr4_sock_ioctl(fp, td, retval, fd, cmd,
sizeof(struct ifreq), sizeof(struct svr4_ifreq),
sc.svr4_ifc_len));
- ifc = (struct ifconf *)≻
- ifc->ifc_req->ifr_addr.sa_family =
- sc.svr4_ifc_req->svr4_ifr_addr.sa_family;
- ifc->ifc_req->ifr_addr.sa_len =
- sizeof(struct osockaddr);
-
- error = fo_ioctl(fp, SIOCGIFCONF, &sc, td->td_ucred,
- td);
-
- sc.svr4_ifc_req->svr4_ifr_addr.sa_family =
- ifc->ifc_req->ifr_addr.sa_family;
-
- if (error != 0)
+ if ((error = fo_ioctl(fp, OSIOCGIFCONF,
+ (caddr_t) &sc, td->td_ucred,
+ td)) != 0)
return error;
DPRINTF(("SIOCGIFCONF\n"));
Modified: head/sys/net/if.c
==============================================================================
--- head/sys/net/if.c Sun Jul 24 10:00:29 2016 (r303262)
+++ head/sys/net/if.c Sun Jul 24 10:10:09 2016 (r303263)
@@ -2699,6 +2699,9 @@ ifhwioctl(u_long cmd, struct ifnet *ifp,
return (error);
}
+/* COMPAT_SVR4 */
+#define OSIOCGIFCONF _IOWR('i', 20, struct ifconf)
+
#ifdef COMPAT_FREEBSD32
struct ifconf32 {
int32_t ifc_len;
@@ -2738,6 +2741,7 @@ ifioctl(struct socket *so, u_long cmd, c
switch (cmd) {
case SIOCGIFCONF:
+ case OSIOCGIFCONF: /* COMPAT_SVR4 */
error = ifconf(cmd, data);
CURVNET_RESTORE();
return (error);
@@ -3009,6 +3013,15 @@ again:
if (prison_if(curthread->td_ucred, sa) != 0)
continue;
addrs++;
+ /* COMPAT_SVR4 */
+ if (cmd == OSIOCGIFCONF) {
+ struct osockaddr *osa =
+ (struct osockaddr *)&ifr.ifr_addr;
+ ifr.ifr_addr = *sa;
+ osa->sa_family = sa->sa_family;
+ sbuf_bcat(sb, &ifr, sizeof(ifr));
+ max_len += sizeof(ifr);
+ } else
if (sa->sa_len <= sizeof(*sa)) {
ifr.ifr_addr = *sa;
sbuf_bcat(sb, &ifr, sizeof(ifr));
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
