Strange, on atrey ioctl() does not fill structure, and bird segfaults

author Pavel Machek <pavel@ucw.cz>

Tue, 13 Oct 1998 14:59:46 +0000 (14:59 +0000)

committer Pavel Machek <pavel@ucw.cz>

Tue, 13 Oct 1998 14:59:46 +0000 (14:59 +0000)
author Pavel Machek <pavel@ucw.cz>
Tue, 13 Oct 1998 14:59:46 +0000 (14:59 +0000)
committer Pavel Machek <pavel@ucw.cz>
Tue, 13 Oct 1998 14:59:46 +0000 (14:59 +0000)
diff --git a/sysdep/unix/sync-if.c b/sysdep/unix/sync-if.c

index 641565fd819caab2bd1f3126cc27eee56354951a..44f93f5499ecca3e8d25a4bc54057d37e77023d6 100644 (file)
--- a/sysdep/unix/sync-if.c
+++ b/sysdep/unix/sync-if.c
@@ -140,7 +140,7 @@ scan_if(timer *t)
           ic.ifc_ifcu.ifcu_req = r;
           ic.ifc_len = last_ifbuf_size;
           res = ioctl(if_scan_sock, SIOCGIFCONF, &ic);
-         if (res < 0 && errno != EFAULT)
+         if (res < 0 && errno != EFAULT)       /* FIXME: I would sigsegv you if I were kernel at this point */
             die("SIOCCGIFCONF: %m");
           if (res < last_ifbuf_size)
             {
@@ -149,8 +149,11 @@ scan_if(timer *t)
             }
         }
        ic.ifc_ifcu.ifcu_req = NULL;
+      ic.ifc_len = 999999999;
        if (ioctl(if_scan_sock, SIOCGIFCONF, &ic) < 0)
         die("SIOCIFCONF: %m");
+      if (ic.ifc_len > 100*1024)
+       die("Buf size MUCH too big: %d\n", ic.ifc_len);
        ic.ifc_len += sizeof(struct ifreq);
        if (last_ifbuf_size < ic.ifc_len)
         {
author	Pavel Machek <pavel@ucw.cz>
	Tue, 13 Oct 1998 14:59:46 +0000 (14:59 +0000)
committer	Pavel Machek <pavel@ucw.cz>
	Tue, 13 Oct 1998 14:59:46 +0000 (14:59 +0000)