Avoid undefined behaviour in ifreq_to_smartlist

This could trigger where _SIZEOF_ADDR_IFREQ() might not return a
multiple of sizeof(void *). Fixes bug 14875; not in any released version
of Tor.

diff --git a/src/common/address.c b/src/common/address.c
index 8cdcd849452852f815f62a1e38a9260e338b270a..dbb92759d40486aab1e88cbca2297e6a1e594aaa 100644 (file)
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1383,17 +1383,24 @@ get_interface_addresses_win32(int severity)
 #define _SIZEOF_ADDR_IFREQ sizeof
 #endif
 
-/** Convert <b>*ifr</b>, an ifreq structure array of size <b>buflen</b>
+/** Convert <b>*buf</b>, an ifreq structure array of size <b>buflen</b>,
  * into smartlist of <b>tor_addr_t</b> structures.
  */
 STATIC smartlist_t *
-ifreq_to_smartlist(char *ifr, size_t buflen)
+ifreq_to_smartlist(char *buf, size_t buflen)
 {
   smartlist_t *result = smartlist_new();
+  char *end = buf + buflen;
 
-  struct ifreq *r = (struct ifreq *)ifr;
+  /* These acrobatics are due to alignment issues which trigger
+   * undefined behaviour traps on OSX. */
+  struct ifreq *r = tor_malloc(IFREQ_SIZE);
+
+  while (buf < end) {
+    /* Copy up to IFREQ_SIZE bytes into the struct ifreq, but don't overrun
+     * buf. */
+    memcpy(r, buf, end - buf < IFREQ_SIZE ? end - buf : IFREQ_SIZE);
 
-  while ((char *)r < (char *)ifr+buflen) {
     const struct sockaddr *sa = &r->ifr_addr;
     tor_addr_t tmp;
     int valid_sa_family = (sa->sa_family == AF_INET ||
@@ -1404,9 +1411,10 @@ ifreq_to_smartlist(char *ifr, size_t buflen)
     if (valid_sa_family && conversion_success)
       smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
 
-    r = (struct ifreq *)((char *)r + _SIZEOF_ADDR_IFREQ(*r));
+    buf += _SIZEOF_ADDR_IFREQ(*r);
   }
 
+  tor_free(r);
   return result;
 }