Strange, on atrey ioctl() does not fill structure, and bird segfaults

on it. Now we "only" die().
author: Pavel Machek <pavel@ucw.cz> 1998-10-13 16:59:46 +0200
committer: Pavel Machek <pavel@ucw.cz> 1998-10-13 16:59:46 +0200
commit: fdf33cde1cd14a2a0215d6d459489e258fe20789 (patch)
tree: 522577ca1a1dd615a73160dc05769397041c0972
parent: 21580e304f612b276a90d2a90f4fb86569609255 (diff)
download: bird-fdf33cde1cd14a2a0215d6d459489e258fe20789.tar
bird-fdf33cde1cd14a2a0215d6d459489e258fe20789.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/sysdep/unix/sync-if.c b/sysdep/unix/sync-if.c
index 641565f..44f93f5 100644
--- a/sysdep/unix/sync-if.c
+++ b/sysdep/unix/sync-if.c
@@ -140,7 +140,7 @@ scan_if(timer *t)
 	  ic.ifc_ifcu.ifcu_req = r;
 	  ic.ifc_len = last_ifbuf_size;
 	  res = ioctl(if_scan_sock, SIOCGIFCONF, &ic);
-	  if (res < 0 && errno != EFAULT)
+	  if (res < 0 && errno != EFAULT)	/* FIXME: I would sigsegv you if I were kernel at this point */
 	    die("SIOCCGIFCONF: %m");
 	  if (res < last_ifbuf_size)
 	    {
@@ -149,8 +149,11 @@ scan_if(timer *t)
 	    }
 	}
       ic.ifc_ifcu.ifcu_req = NULL;
+      ic.ifc_len = 999999999;
       if (ioctl(if_scan_sock, SIOCGIFCONF, &ic) < 0)
 	die("SIOCIFCONF: %m");
+      if (ic.ifc_len > 100*1024)
+	die("Buf size MUCH too big: %d\n", ic.ifc_len);
       ic.ifc_len += sizeof(struct ifreq);
       if (last_ifbuf_size < ic.ifc_len)
 	{
author	Pavel Machek <pavel@ucw.cz>	1998-10-13 16:59:46 +0200
committer	Pavel Machek <pavel@ucw.cz>	1998-10-13 16:59:46 +0200
commit	fdf33cde1cd14a2a0215d6d459489e258fe20789 (patch)
tree	522577ca1a1dd615a73160dc05769397041c0972
parent	21580e304f612b276a90d2a90f4fb86569609255 (diff)
download	bird-fdf33cde1cd14a2a0215d6d459489e258fe20789.tar bird-fdf33cde1cd14a2a0215d6d459489e258fe20789.zip