-rw-r--r-- | net/nmap/distinfo | 3 | ||||
-rw-r--r-- | net/nmap/patches/patch-ad | 61 |
2 files changed, 63 insertions, 1 deletions
diff --git a/net/nmap/distinfo b/net/nmap/distinfo
index ce4e1255c03..351c79c8caa 100644
--- a/net/nmap/distinfo
+++ b/net/nmap/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.38 2009/01/04 15:16:11 adrianp Exp $
+$NetBSD: distinfo,v 1.39 2009/04/01 07:56:18 apb Exp $
 SHA1 (nmap-4.76.tar.bz2) = a71141738b4512b6d5b35ef94258e525df30a586
 RMD160 (nmap-4.76.tar.bz2) = ec93522e05e7233e8950b28ab12b45355e63c0c7
 Size (nmap-4.76.tar.bz2) = 6061317 bytes
 SHA1 (patch-aa) = b47bb158aa9504e7bc0f3092e3370d49a82ec608
 SHA1 (patch-ab) = bef6a0bc8481702319d14d3427169562f13e1526
+SHA1 (patch-ad) = 767ace3bb0c94db80ce3352692358b63463f4e30
 SHA1 (patch-aj) = 5e306f51f5e0a07eb05d498547f95b526ffbdfc7
diff --git a/net/nmap/patches/patch-ad b/net/nmap/patches/patch-ad
new file mode 100644
index 00000000000..71a5d282470
--- /dev/null
+++ b/net/nmap/patches/patch-ad
@@ -0,0 +1,61 @@
+$NetBSD: patch-ad,v 1.13 2009/04/01 07:56:19 apb Exp $
+
+Correct handling of the length of data returned by SIOCGIFCONF. The
+actual length of each item is never less than sizeof(struct ifreq), but
+may be more than that. If the platform's struct sockaddr has an sa_len
+field, and if the length in sa_len is larger then the space available in
+ifr_ifru, then the data extends beyond the end of the ifr_ifru field by
+the difference in sizes.
+
+The previous code of the form
+
+ len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
+
+had two problems:
+
+1) It assumes that ifr_name and ifr_ifru are the only members
+ of struct ifreq, so that sizeof(ifr->ifr_name) is equivalent to
+ sizeof(struct ifr) - sizeof(ifr->ifr_ifreq). This assumption may
+ be incorrect on some thypothetical systems,
+ and it's just as efficient to use code that
+ avoids making the assumption.
+
+2) It assumes that ifr->ifr_addr.sa_len will never be smaller than
+ sizeof(ifr->ifr_ifru). This assumption is incorrect on some
+ systems, at least on NetBSD.
+
+--- tcpip.cc.orig 2008-09-04 14:41:59.000000000 +0000
++++ tcpip.cc
+@@ -2890,12 +2890,10 @@ int sd;
+ ifr = (struct ifreq *) buf;
+ if (ifc.ifc_len == 0)
+ fatal("%s: SIOCGIFCONF claims you have no network interfaces!\n", __func__);
+-#if HAVE_SOCKADDR_SA_LEN
+- /* len = MAX(sizeof(struct sockaddr), ifr->ifr_addr.sa_len);*/
+- len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
+-#else
+ len = sizeof(struct ifreq);
+- /* len = sizeof(SA); */
++#if HAVE_SOCKADDR_SA_LEN
++ if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_ifru))
++ len += (ifr->ifr_addr.sa_len - sizeof(ifr->ifr_ifru));
+ #endif
+
+ /* Debugging code
+@@ -2914,10 +2912,13 @@ int sd;
+ printf("ifr = %X\n",(unsigned)(*(char **)&ifr));
+ */
+
+- /* On some platforms (such as FreeBSD), the length of each ifr changes
+- based on the sockaddr type used, so we get the next length now */
++ /* On platforms where struct sockaddr has an sa_len member, if
++ ifr_ddr.sa_len is larger then sizeof ifr_ifru, then the actual
++ data extends beyond the end of ifr_ifru. */
++ len = sizeof(struct ifreq);
+ #if HAVE_SOCKADDR_SA_LEN
+- len = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
++ if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_ifru))
++ len += (ifr->ifr_addr.sa_len - sizeof(ifr->ifr_ifru));
+ #endif
+
+ /* skip any device with no name */
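Review bot: The per-entry stride is now derived from a length field read out of the reply buffer (`ifr->ifr_addr.sa_len`), but neither hunk checks that `len` bytes, or even `sizeof(struct ifreq)` bytes, remain between `ifr` and `buf + ifc.ifc_len` before the entry is read and the pointer is advanced; the loop that consumes `len` starts and ends outside the hunk, so this may already be handled there. The data comes from the kernel via SIOCGIFCONF rather than from a peer, so the exposure is a read past the end of `buf` on a truncated or unusually padded reply, but a guard along the lines of `if ((char *)ifr + sizeof(struct ifreq) > buf + ifc.ifc_len) break;` before each entry is touched would make the walk robust on every platform. Both hunks compute the identical stride; a small `static` helper such as `ifreq_len(const struct ifreq *)` would remove the duplication and keep the two copies from drifting apart. The new comment in the second hunk has two typos: `ifr_ddr.sa_len` should read `ifr_addr.sa_len`, and `larger then` should read `larger than`; the patch header's `sizeof(struct ifr) - sizeof(ifr->ifr_ifreq)` and `thypothetical` would benefit from the same cleanup.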