Date: Wed, 24 Jul 2013 15:00:47 +0200 From: Ulrich =?utf-8?B?U3DDtnJsZWlu?= <uqs@FreeBSD.org> To: Hiroki Sato <hrs@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r253504 - head/sbin/route Message-ID: <20130724130046.GD9092@acme.spoerlein.net> In-Reply-To: <201307201646.r6KGkpM6054344@svn.freebsd.org> References: <201307201646.r6KGkpM6054344@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 2013-07-20 at 16:46:51 +0000, Hiroki Sato wrote: > Author: hrs > Date: Sat Jul 20 16:46:51 2013 > New Revision: 253504 > URL: http://svnweb.freebsd.org/changeset/base/253504 > > Log: > - Simplify getaddr() and print_getmsg() by using RTAX_* instead of RTA_* > as the argument. > - Reduce unnecessary loop in print_getmsg(). > > Modified: > head/sbin/route/route.c > > Modified: head/sbin/route/route.c > ============================================================================== > --- head/sbin/route/route.c Sat Jul 20 15:58:43 2013 (r253503) > +++ head/sbin/route/route.c Sat Jul 20 16:46:51 2013 (r253504) > @@ -1105,7 +1105,7 @@ inet6_makenetandmask(struct sockaddr_in6 > * returning 1 if a host address, 0 if a network address. > */ > static int > -getaddr(int which, char *str, struct hostent **hpp, int nrflags) > +getaddr(int idx, char *str, struct hostent **hpp, int nrflags) > { > struct sockaddr *sa; > #if defined(INET) > @@ -1130,36 +1130,16 @@ getaddr(int which, char *str, struct hos > aflen = sizeof(struct sockaddr_dl); > #endif > } > - rtm_addrs |= which; > + rtm_addrs |= (1 << idx); > > - switch (which) { > - case RTA_DST: > - sa = (struct sockaddr *)&so[RTAX_DST]; > - break; > - case RTA_GATEWAY: > - sa = (struct sockaddr *)&so[RTAX_GATEWAY]; > - break; > - case RTA_NETMASK: > - sa = (struct sockaddr *)&so[RTAX_NETMASK]; > - break; > - case RTA_GENMASK: > - sa = (struct sockaddr *)&so[RTAX_GENMASK]; > - break; > - case RTA_IFA: > - sa = (struct sockaddr *)&so[RTAX_IFA]; > - break; > - case RTA_IFP: > - sa = (struct sockaddr *)&so[RTAX_IFP]; > - break; > - default: > + if (idx > RTAX_MAX) > usage("internal error"); > - /*NOTREACHED*/ > - } > + sa = (struct sockaddr *)&so[idx]; Coverity Scan flags this as an out-of-bounds write. RTAX_MAX is 8, so idx can be up to 8 (inclusive) in the check above. Do you want to check for idx >= RTAX_MAX maybe? idx is also signed ... Coverity CID is 1054779, btw. Cheers, Uli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130724130046.GD9092>