authorapb <apb@pkgsrc.org>2009-04-01 07:56:18 +0000
committerapb <apb@pkgsrc.org>2009-04-01 07:56:18 +0000
commit24ad50dd02b71e2e60b3dd408b801a50f38defe9 (patch)
treeb4e958fdd03ec4d7869d18fcc6063df35cc02666 /net/nmap
parent20742a4cc4bf10acd2860c4a0674c78910b54cb4 (diff)
downloadpkgsrc-24ad50dd02b71e2e60b3dd408b801a50f38defe9.tar.gz
Correct handling of the length of data returned by SIOCGIFCONF. The
actual length of each item is never less than sizeof(struct ifreq), but may be more than that. If the platform's struct sockaddr has an sa_len field, and if the length in sa_len is larger than the space available in ifr_ifru, then the data extends beyond the end of the ifr_ifru field by the difference in sizes.
Diffstat (limited to 'net/nmap')
-rw-r--r--net/nmap/distinfo3
-rw-r--r--net/nmap/patches/patch-ad61
2 files changed, 63 insertions, 1 deletions
diff --git a/net/nmap/distinfo b/net/nmap/distinfo
index ce4e1255c03..351c79c8caa 100644
--- a/net/nmap/distinfo
+++ b/net/nmap/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.38 2009/01/04 15:16:11 adrianp Exp $
+$NetBSD: distinfo,v 1.39 2009/04/01 07:56:18 apb Exp $
SHA1 (nmap-4.76.tar.bz2) = a71141738b4512b6d5b35ef94258e525df30a586
RMD160 (nmap-4.76.tar.bz2) = ec93522e05e7233e8950b28ab12b45355e63c0c7
Size (nmap-4.76.tar.bz2) = 6061317 bytes
SHA1 (patch-aa) = b47bb158aa9504e7bc0f3092e3370d49a82ec608
SHA1 (patch-ab) = bef6a0bc8481702319d14d3427169562f13e1526
+SHA1 (patch-ad) = 767ace3bb0c94db80ce3352692358b63463f4e30
SHA1 (patch-aj) = 5e306f51f5e0a07eb05d498547f95b526ffbdfc7
diff --git a/net/nmap/patches/patch-ad b/net/nmap/patches/patch-ad
new file mode 100644
index 00000000000..71a5d282470
--- /dev/null
+++ b/net/nmap/patches/patch-ad
@@ -0,0 +1,61 @@
+$NetBSD: patch-ad,v 1.13 2009/04/01 07:56:19 apb Exp $
+
+Correct handling of the length of data returned by SIOCGIFCONF. The
+actual length of each item is never less than sizeof(struct ifreq), but
+may be more than that. If the platform's struct sockaddr has an sa_len
+field, and if the length in sa_len is larger then the space available in
+ifr_ifru, then the data extends beyond the end of the ifr_ifru field by
+the difference in sizes.
+
+The previous code of the form
+
+ len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
+
+had two problems:
+
+1) It assumes that ifr_name and ifr_ifru are the only members
+ of struct ifreq, so that sizeof(ifr->ifr_name) is equivalent to
+ sizeof(struct ifr) - sizeof(ifr->ifr_ifreq). This assumption may
+ be incorrect on some thypothetical systems,
+ and it's just as efficient to use code that
+ avoids making the assumption.
+
+2) It assumes that ifr->ifr_addr.sa_len will never be smaller than
+ sizeof(ifr->ifr_ifru). This assumption is incorrect on some
+ systems, at least on NetBSD.
+
+--- tcpip.cc.orig 2008-09-04 14:41:59.000000000 +0000
++++ tcpip.cc
+@@ -2890,12 +2890,10 @@ int sd;
+ ifr = (struct ifreq *) buf;
+ if (ifc.ifc_len == 0)
+ fatal("%s: SIOCGIFCONF claims you have no network interfaces!\n", __func__);
+-#if HAVE_SOCKADDR_SA_LEN
+- /* len = MAX(sizeof(struct sockaddr), ifr->ifr_addr.sa_len);*/
+- len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
+-#else
+ len = sizeof(struct ifreq);
+- /* len = sizeof(SA); */
++#if HAVE_SOCKADDR_SA_LEN
++ if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_ifru))
++ len += (ifr->ifr_addr.sa_len - sizeof(ifr->ifr_ifru));
+ #endif
+
+ /* Debugging code
+@@ -2914,10 +2912,13 @@ int sd;
+ printf("ifr = %X\n",(unsigned)(*(char **)&ifr));
+ */
+
+- /* On some platforms (such as FreeBSD), the length of each ifr changes
+- based on the sockaddr type used, so we get the next length now */
++ /* On platforms where struct sockaddr has an sa_len member, if
++ ifr_ddr.sa_len is larger then sizeof ifr_ifru, then the actual
++ data extends beyond the end of ifr_ifru. */
++ len = sizeof(struct ifreq);
+ #if HAVE_SOCKADDR_SA_LEN
+- len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
++ if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_ifru))
++ len += (ifr->ifr_addr.sa_len - sizeof(ifr->ifr_ifru));
+ #endif
+
+ /* skip any device with no name */
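Review bot: The entry length that patch-ad now computes, in both of its hunks, is derived from kernel-returned data (`ifr->ifr_addr.sa_len`) but is never bounded against the bytes left in `ifc.ifc_len` within the hunk; if the loop that advances `ifr` by `len` (it lies outside this hunk) only checks that the start of an entry is inside `buf`, an entry whose sa_len claims more than the remaining space would be read past the end of the buffer, so the advance should be guarded with something like `if (len > (size_t)(ifc.ifc_len - ((char *)ifr - buf))) break;` adapted to the loop's actual types. The same five-line computation is now duplicated in the two hunks (around tcpip.cc lines 2890 and 2912); a `static` helper such as `ifreq_entry_len(const struct ifreq *)` returning the length would keep the two in step and give the rule one place to be documented. The new comment also has two slips: `ifr_ddr.sa_len` should read `ifr_addr.sa_len`, and `larger then` should be `larger than`; the description of the patch repeats the latter and has `thypothetical` for `hypothetical`.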