This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH][BZ #15698] Fix memory overrun in getifaddrs_internal.
- From: OndÅej BÃlka <neleai at seznam dot cz>
- To: hjl dot tools at gmail dot com
- Cc: libc-alpha at sourceware dot org
- Date: Tue, 8 Oct 2013 18:57:38 +0200
- Subject: [PATCH][BZ #15698] Fix memory overrun in getifaddrs_internal.
- Authentication-results: sourceware.org; auth=none
Hi, a code at https://sourceware.org/bugzilla/show_bug.cgi?id=15698
contains a simple off-by-one error when preflen is divisible by 8.
Following code should fix this, as preflen is unsigned I added check for
zero len to be sure we do not cause underflow.
OK to commit?
* sysdeps/unix/sysv/linux/ifaddrs.c (getifaddrs_internal): Fix
memory overrun.
diff --git a/sysdeps/unix/sysv/linux/ifaddrs.c b/sysdeps/unix/sysv/linux/ifaddrs.c
index 89fda15..09676de 100644
--- a/sysdeps/unix/sysv/linux/ifaddrs.c
+++ b/sysdeps/unix/sysv/linux/ifaddrs.c
@@ -780,7 +780,7 @@ getifaddrs_internal (struct ifaddrs **ifap)
else
preflen = ifam->ifa_prefixlen;
- for (i = 0; i < (preflen / 8); i++)
+ for (i = 0; preflen && i < ((preflen - 1) / 8); i++)
*cp++ = 0xff;
c = 0xff;
c <<= (8 - (preflen % 8));