svn commit: r295202 - head/contrib/bsnmp/snmp_mibII

Bjoern A. Zeeb bz at FreeBSD.org
Wed Feb 3 11:03:46 UTC 2016 

Author: bz
Date: Wed Feb  3 11:03:44 2016
New Revision: 295202
URL: https://svnweb.freebsd.org/changeset/base/295202

Log:
  Try to fix a bug introduced in r228623.  We started to copy the ifa_msghdr
  as otherwise platforms with strict alignment would break.  It's unclear
  to me if there's also a problem with access to the address list following
  the structure.  However we never copied the address list after the structure
  and thus are pointing at random memory.  For now just use a pointer to the
  original memory for accessing the address list making it at least work on
  platforms with weak memory access.
  
  PR:			195445
  Reported by:		wolfgang lyxys.ka.sub.org
  Tested by:		wolfgang lyxys.ka.sub.org (x86)
  MFC after:		3 days

Modified:
  head/contrib/bsnmp/snmp_mibII/mibII.c

Modified: head/contrib/bsnmp/snmp_mibII/mibII.c
==============================================================================
--- head/contrib/bsnmp/snmp_mibII/mibII.c	Wed Feb  3 10:39:29 2016	(r295201)
+++ head/contrib/bsnmp/snmp_mibII/mibII.c	Wed Feb  3 11:03:44 2016	(r295202)
@@ -982,7 +982,7 @@ handle_rtmsg(struct rt_msghdr *rtm)
 {
 	struct sockaddr *addrs[RTAX_MAX];
 	struct if_msghdr *ifm;
-	struct ifa_msghdr ifam;
+	struct ifa_msghdr ifam, *ifamp;
 	struct ifma_msghdr *ifmam;
 #ifdef RTM_IFANNOUNCE
 	struct if_announcemsghdr *ifan;
@@ -1002,8 +1002,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
 	switch (rtm->rtm_type) {
 
 	  case RTM_NEWADDR:
-		memcpy(&ifam, rtm, sizeof(ifam));
-		mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
+		ifamp = (struct ifa_msghdr *)rtm;
+		memcpy(&ifam, ifamp, sizeof(ifam));
+		mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
 		if (addrs[RTAX_IFA] == NULL || addrs[RTAX_NETMASK] == NULL)
 			break;
 
@@ -1029,8 +1030,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
 		break;
 
 	  case RTM_DELADDR:
-		memcpy(&ifam, rtm, sizeof(ifam));
-		mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
+		ifamp = (struct ifa_msghdr *)rtm;
+		memcpy(&ifam, ifamp, sizeof(ifam));
+		mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
 		if (addrs[RTAX_IFA] == NULL)
 			break;

More information about the svn-src-all mailing list