From: Roy Marples
Date: Wed, 13 Aug 2008 12:29:32 +0000 (+0000)
Subject: Fix an buffer overflow leading to random bytes in the hardware address.
X-Git-Tag: v4.0.2~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c34afb04dee48693f808c9cfa55874abd74e7f5;p=thirdparty%2Fdhcpcd.git
Fix an buffer overflow leading to random bytes in the hardware address.
---
diff --git a/net.c b/net.c
index 33008279..1e76700e 100644
--- a/net.c
+++ b/net.c
@@ -194,9 +194,8 @@ do_interface(const char *ifname,
 struct sockaddr_in address;
 struct ifreq *ifr;
 struct sockaddr_in netmask;
-
 #ifdef AF_LINK
- struct sockaddr_dl sdl;
+ struct sockaddr_dl *sdl;
 #endif
 if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
@@ -243,10 +242,11 @@ do_interface(const char *ifname,
 #ifdef AF_LINK
 if (hwaddr && hwlen && ifr->ifr_addr.sa_family == AF_LINK) {
- memcpy(&sdl, &ifr->ifr_addr, sizeof(sdl));
- *hwlen = sdl.sdl_alen;
- memcpy(hwaddr, sdl.sdl_data + sdl.sdl_nlen,
- (size_t)sdl.sdl_alen);
+ sdl = xmalloc(ifr->ifr_addr.sa_len);
+ memcpy(sdl, &ifr->ifr_addr, ifr->ifr_addr.sa_len);
+ *hwlen = sdl->sdl_alen;
+ memcpy(hwaddr, LLADDR(sdl), (size_t)sdl->sdl_alen);
+ free(sdl);
 retval = 1;
 break;
 }
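Review bot: In the AF_LINK branch of the second hunk, `sdl->sdl_nlen` and `sdl->sdl_alen` are still trusted as-is. Nothing checks that the link-layer address lies inside the `sa_len` bytes that were just allocated and copied, and nothing visible here bounds the write into `hwaddr`. Before the second `memcpy`, I would require `offsetof(struct sockaddr_dl, sdl_data) + sdl->sdl_nlen + sdl->sdl_alen <= ifr->ifr_addr.sa_len` and also compare `sdl->sdl_alen` with the capacity of the caller's buffer, calling `free(sdl)` on the rejecting path as well. The size of `hwaddr` is not shown in this hunk, so that second bound has to come from the caller's contract. A one-line comment such as `/* sockaddr_dl is variable length: copy sa_len bytes, not sizeof(struct sockaddr_dl) */` would record why the temporary heap copy exists; `do_interface` starts and ends outside the hunk.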