mirror of
https://github.com/nmap/nmap.git
On platforms supporting sa_len, NEXTIFR would skip over sa_len bytes
starting at the beginning of ifr_addr, and assume that was the end of
the struct. (The idea being that a large address such as a sockaddr_in6
could overflow the nominal struct boundary.) This logic was wrong when
there was something else in the union bigger than sa_len; we would
increment into somewhere in the middle of the same struct.
This exhibited itself on NetBSD, where struct ifreq has a
sockaddr_storage member in its internal union:
struct ifreq {
char ifr_name[IFNAMSIZ]; /* if name, e.g. "en0" */
union {
struct sockaddr ifru_addr;
struct sockaddr ifru_dstaddr;
struct sockaddr ifru_broadaddr;
struct sockaddr_storage ifru_space;
Now we skip over sa_len bytes, or to the nominal end of the struct,
whichever is larger.
Unix Network Programming gets this wrong too; in figure 17.8 they do
ptr += sizeof(ifr->ifr_name) + max(sizeof(struct sockaddr), ifr->ifr_addr.sa_len);
|
||
|---|---|---|
| .. | ||
| addr-util.c | ||
| addr.c | ||
| arp-bsd.c | ||
| arp-ioctl.c | ||
| arp-none.c | ||
| arp-win32.c | ||
| blob.c | ||
| crc32ct.h | ||
| err.c | ||
| eth-bsd.c | ||
| eth-dlpi.c | ||
| eth-linux.c | ||
| eth-ndd.c | ||
| eth-none.c | ||
| eth-pfilt.c | ||
| eth-snoop.c | ||
| eth-win32.c | ||
| fw-none.c | ||
| intf-win32.c | ||
| intf.c | ||
| ip-cooked.c | ||
| ip-util.c | ||
| ip-win32.c | ||
| ip.c | ||
| ip6.c | ||
| Makefile.am | ||
| Makefile.in | ||
| memcmp.c | ||
| rand.c | ||
| route-bsd.c | ||
| route-hpux.c | ||
| route-linux.c | ||
| route-none.c | ||
| route-win32.c | ||
| strlcat.c | ||
| strlcpy.c | ||
| strsep.c | ||
| tun-bsd.c | ||
| tun-linux.c | ||
| tun-none.c | ||
| tun-solaris.c | ||