Try to fix a bug introduced in r228623. We started to copy the ifa_msghdr

as otherwise platforms with strict alignment would break.  It's unclear
to me if there's also a problem with access to the address list following
the structure.  However we never copied the address list after the structure
and thus are pointing at random memory.  For now just use a pointer to the
original memory for accessing the address list making it at least work on
platforms with weak memory access.

PR:			195445
Reported by:		wolfgang lyxys.ka.sub.org
Tested by:		wolfgang lyxys.ka.sub.org (x86)
MFC after:		3 days
This commit is contained in:
bz 2016-02-03 11:03:44 +00:00
parent 71c4d79a10
commit 5b67986f72

View File

@ -982,7 +982,7 @@ handle_rtmsg(struct rt_msghdr *rtm)
{
struct sockaddr *addrs[RTAX_MAX];
struct if_msghdr *ifm;
struct ifa_msghdr ifam;
struct ifa_msghdr ifam, *ifamp;
struct ifma_msghdr *ifmam;
#ifdef RTM_IFANNOUNCE
struct if_announcemsghdr *ifan;
@ -1002,8 +1002,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
switch (rtm->rtm_type) {
case RTM_NEWADDR:
memcpy(&ifam, rtm, sizeof(ifam));
mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
ifamp = (struct ifa_msghdr *)rtm;
memcpy(&ifam, ifamp, sizeof(ifam));
mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
if (addrs[RTAX_IFA] == NULL || addrs[RTAX_NETMASK] == NULL)
break;
@ -1029,8 +1030,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
break;
case RTM_DELADDR:
memcpy(&ifam, rtm, sizeof(ifam));
mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
ifamp = (struct ifa_msghdr *)rtm;
memcpy(&ifam, ifamp, sizeof(ifam));
mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
if (addrs[RTAX_IFA] == NULL)
break;