[radvd-devel-l] radvd buffer cleanups
Pekka Savola
radvd-devel-l@litech.org
Sat, 30 Jun 2001 12:36:21 +0300 (EEST)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
--1589707168-580626586-993893781=:4210
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi,
I got inspired to check a few possible buffer overflow (non-fatal, caused
by invalid definitions in radvd.conf by the system administrator and the
like) conditions in the code.
Yoshifuji of USAGI also contributed one small patch.
As some might be interested, here's the full diff against 0.6.2pl4.
Comments, patches etc. welcome of course :-)
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
--1589707168-580626586-993893781=:4210
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="radvd-cleanups.diff"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.33.0106301236210.4210@netcore.fi>
Content-Description:
Content-Disposition: attachment; filename="radvd-cleanups.diff"
SW5kZXg6IENIQU5HRVMNCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NClJDUyBm
aWxlOiAvd29yay9jdnNyb290L3JhZHZkL0NIQU5HRVMsdg0KcmV0cmlldmlu
ZyByZXZpc2lvbiAxLjQNCmRpZmYgLXUgLXIxLjQgQ0hBTkdFUw0KLS0tIENI
QU5HRVMJMjAwMS8wNi8xOSAyMzozMDowNwkxLjQNCisrKyBDSEFOR0VTCTIw
MDEvMDYvMzAgMDk6Mjg6MDINCkBAIC0xLDQgKzEsMTIgQEANCi0kSWQ6IENI
QU5HRVMsdiAxLjQgMjAwMS8wNi8xOSAyMzozMDowNyBwc2F2b2xhIEV4cCAk
DQorJElkOiBDSEFOR0VTLHYgMS41IDIwMDEvMDYvMjQgMjA6MTE6MzggcHNh
dm9sYSBFeHAgJA0KKw0KKzA2LzMwLzIwMDEJQ2hlY2sgZm9yIHBvc3NpYmxl
IGJ1ZmZlciBvdmVyZmxvd3M7IHJlcGxhY2Ugc3RyY3B5IHdpdGgNCisJCXN0
cm5jcHkuICBObyBmYXRhbHMgZm91bmQuICBSZW1vdmUgcmVkdW5hbnQgcmFk
dmQgLXQgY2hlY2suDQorCQkoUGVra2EgU2F2b2xhKQ0KKw0KKzA2LzI0LzIw
MDEJRml4IDEtYnl0ZSBvdmVyZmxvdyBpbiAvcHJvYy9uZXQvaWdtcDYgaGFu
ZGxpbmcsDQorICAgICAgICAgICAgICAgIGNsZWFuIG91dCBwb3NzaWJsZSBt
ZW1vcnkgZ2FyYmFnZSB3aGVuIHNlbmRpbmcgUkEncw0KKwkJKHBhdGNoIGZy
b20gPHlvc2hmdWppQGxpbnV4LWlwdjYub3JnPikuDQogDQogMDYvMTkvMjAw
MQlXaGVuIGRyb3BwaW5nIHJvb3QsIGFsc28gc2V0IHVwIHN1cHBsZW1lbnRh
cnkgZ3JvdXBzDQogCQlwcm9wZXJseS4gIE9uIExpbnV4LCB3aGVuIHNlbmRp
bmcgUkEncywgY2hlY2sgdGhhdCB0aGUNCkluZGV4OiBkZXZpY2UtYnNkNDQu
Yw0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PQ0KUkNTIGZpbGU6IC93b3JrL2N2
c3Jvb3QvcmFkdmQvZGV2aWNlLWJzZDQ0LmMsdg0KcmV0cmlldmluZyByZXZp
c2lvbiAxLjQNCmRpZmYgLXUgLXIxLjQgZGV2aWNlLWJzZDQ0LmMNCi0tLSBk
ZXZpY2UtYnNkNDQuYwkyMDAxLzA2LzE5IDIzOjE0OjQ4CTEuNA0KKysrIGRl
dmljZS1ic2Q0NC5jCTIwMDEvMDYvMzAgMDk6Mjg6MDMNCkBAIC0yMzMsNyAr
MjMzLDcgQEANCiAJfQ0KIAkNCiAJbWVtc2V0KCAmaWZyLCAwLCBzaXplb2Yo
IHN0cnVjdCBpZnJlcSApICk7DQotCXN0cmNweShpZnIuaWZyX25hbWUsIGlm
bik7DQorCXN0cm5jcHkoaWZyLmlmcl9uYW1lLCBpZm4sIElGTkFNU0laLTEp
Ow0KIAlpZnIuaWZyX2FkZHIuc2FfZmFtaWx5ID0gQUZfSU5FVDsNCiAJDQog
CWlmIChpb2N0bChmZCwgU0lPQ0dJRkFERFIsICZpZnIpIDwgMCkNCkluZGV4
OiBkZXZpY2UtY29tbW9uLmMNCj09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NClJD
UyBmaWxlOiAvd29yay9jdnNyb290L3JhZHZkL2RldmljZS1jb21tb24uYyx2
DQpyZXRyaWV2aW5nIHJldmlzaW9uIDEuMS4xLjENCmRpZmYgLXUgLXIxLjEu
MS4xIGRldmljZS1jb21tb24uYw0KLS0tIGRldmljZS1jb21tb24uYwkyMDAx
LzA0LzAyIDE4OjQwOjAyCTEuMS4xLjENCisrKyBkZXZpY2UtY29tbW9uLmMJ
MjAwMS8wNi8zMCAwOToyODowMw0KQEAgLTIzLDcgKzIzLDcgQEANCiB7DQog
CXN0cnVjdCBpZnJlcQlpZnI7DQogCQ0KLQlzdHJjcHkoaWZyLmlmcl9uYW1l
LCBpZmFjZS0+TmFtZSk7DQorCXN0cm5jcHkoaWZyLmlmcl9uYW1lLCBpZmFj
ZS0+TmFtZSwgSUZOQU1TSVotMSk7DQogCQ0KIAlpZiAoaW9jdGwoc29jaywg
U0lPQ0dJRkZMQUdTLCAmaWZyKSA8IDApDQogCXsNCkluZGV4OiBkZXZpY2Ut
bGludXguYw0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0KUkNTIGZpbGU6IC93
b3JrL2N2c3Jvb3QvcmFkdmQvZGV2aWNlLWxpbnV4LmMsdg0KcmV0cmlldmlu
ZyByZXZpc2lvbiAxLjUNCmRpZmYgLXUgLXIxLjUgZGV2aWNlLWxpbnV4LmMN
Ci0tLSBkZXZpY2UtbGludXguYwkyMDAxLzA2LzE5IDIzOjE0OjQ4CTEuNQ0K
KysrIGRldmljZS1saW51eC5jCTIwMDEvMDYvMzAgMDk6Mjg6MDMNCkBAIC0x
LDUgKzEsNSBAQA0KIC8qDQotICogICAkSWQ6IGRldmljZS1saW51eC5jLHYg
MS41IDIwMDEvMDYvMTkgMjM6MTQ6NDggcHNhdm9sYSBFeHAgJA0KKyAqICAg
JElkOiBkZXZpY2UtbGludXguYyx2IDEuNiAyMDAxLzA2LzI0IDIwOjExOjM4
IHBzYXZvbGEgRXhwICQNCiAgKg0KICAqICAgQXV0aG9yczoNCiAgKiAgICBM
YXJzIEZlbm5lYmVyZwkJPGxmQGVsZW1lbnRhbC5uZXQ+CSANCkBAIC0zNCw3
ICszNCw3IEBADQogCXN0cnVjdCBpZnJlcQlpZnI7DQogCXN0cnVjdCBBZHZQ
cmVmaXggKnByZWZpeDsNCiAJDQotCXN0cmNweShpZnIuaWZyX25hbWUsIGlm
YWNlLT5OYW1lKTsNCisJc3RybmNweShpZnIuaWZyX25hbWUsIGlmYWNlLT5O
YW1lLCBJRk5BTVNJWi0xKTsNCiAJDQogCWlmIChpb2N0bChzb2NrLCBTSU9D
R0lGSFdBRERSLCAmaWZyKSA8IDApDQogCXsNCkBAIC0xMTcsNyArMTE3LDcg
QEANCiAJCXJldHVybiAoLTEpOwkNCiAJfQ0KIAkNCi0Jd2hpbGUgKGZzY2Fu
ZihmcCwgIiUzMnMgJTAyeCAlMDJ4ICUwMnggJTAyeCAlc1xuIiwNCisJd2hp
bGUgKGZzY2FuZihmcCwgIiUzMnMgJTAyeCAlMDJ4ICUwMnggJTAyeCAlMTVz
XG4iLA0KIAkJICAgICAgc3RyX2FkZHIsICZpZl9pZHgsICZwbGVuLCAmc2Nv
cGUsICZkYWRfc3RhdHVzLA0KIAkJICAgICAgZGV2bmFtZSkgIT0gRU9GKQ0K
IAl7DQpAQCAtMTczLDcgKzE3Myw3IEBADQogCQ0KIAlGSUxFICpmcDsNCiAJ
dW5zaWduZWQgaW50IGlmX2lkeCwgYWxscm91dGVyc19vaz0wOw0KLQljaGFy
IGFkZHJbMzJdOw0KKwljaGFyIGFkZHJbMzIrMV07DQogCWludCByZXQ9MDsN
CiANCiAJaWYgKChmcCA9IGZvcGVuKFBBVEhfUFJPQ19ORVRfSUdNUDYsICJy
IikpID09IE5VTEwpDQpAQCAtMjE3LDcgKzIxNyw3IEBADQogCX0NCiAJDQog
CW1lbXNldCggJmlmciwgMCwgc2l6ZW9mKCBzdHJ1Y3QgaWZyZXEgKSApOw0K
LQlzdHJjcHkoaWZyLmlmcl9uYW1lLCBpZm4pOw0KKwlzdHJuY3B5KGlmci5p
ZnJfbmFtZSwgaWZuLCBJRk5BTVNJWi0xKTsNCiAJaWZyLmlmcl9hZGRyLnNh
X2ZhbWlseSA9IEFGX0lORVQ7DQogCQ0KIAlpZiAoaW9jdGwoZmQsIFNJT0NH
SUZBRERSLCAmaWZyKSA8IDApDQpJbmRleDogZ3JhbS55DQo9PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09DQpSQ1MgZmlsZTogL3dvcmsvY3Zzcm9vdC9yYWR2ZC9n
cmFtLnksdg0KcmV0cmlldmluZyByZXZpc2lvbiAxLjYNCmRpZmYgLXUgLXIx
LjYgZ3JhbS55DQotLS0gZ3JhbS55CTIwMDEvMDQvMjYgMTc6MDU6MTMJMS42
DQorKysgZ3JhbS55CTIwMDEvMDYvMzAgMDk6Mjg6MDMNCkBAIC0xNTAsNyAr
MTUwLDcgQEANCiAJCQl9DQogDQogCQkJaWZhY2VfaW5pdF9kZWZhdWx0cyhp
ZmFjZSk7DQotCQkJc3RyY3B5KGlmYWNlLT5OYW1lLCAkMik7DQorCQkJc3Ry
bmNweShpZmFjZS0+TmFtZSwgJDIsIElGTkFNU0laLTEpOw0KIAkJfQ0KIAkJ
Ow0KIAkNCkBAIC0zNDgsNyArMzQ4LDcgQEANCiAJCXwgVF9CYXNlNnRvNElu
dGVyZmFjZSBuYW1lICc7Jw0KIAkJew0KIAkJCWRsb2coTE9HX0RFQlVHLCA0
LCAidXNpbmcgaW50ZXJmYWNlICVzIGZvciA2dG80IiwgJDIpOw0KLQkJCXN0
cmNweShwcmVmaXgtPmlmNnRvNCwgJDIpOw0KKwkJCXN0cm5jcHkocHJlZml4
LT5pZjZ0bzQsICQyLCBJRk5BTVNJWi0xKTsNCiAJCX0NCiAJCTsNCiANCklu
ZGV4OiByYWR2ZC5jDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQpSQ1MgZmls
ZTogL3dvcmsvY3Zzcm9vdC9yYWR2ZC9yYWR2ZC5jLHYNCnJldHJpZXZpbmcg
cmV2aXNpb24gMS44DQpkaWZmIC11IC1yMS44IHJhZHZkLmMNCi0tLSByYWR2
ZC5jCTIwMDEvMDYvMTkgMjM6MTQ6NDgJMS44DQorKysgcmFkdmQuYwkyMDAx
LzA2LzMwIDA5OjI4OjAzDQpAQCAtMTMzLDggKzEzMyw3IEBADQogCQkJfQ0K
IAkJCWJyZWFrOw0KIAkJY2FzZSAndCc6DQotCQkJaWYgKG9wdGFyZykgDQot
CQkJCWNocm9vdGRpciA9IHN0cmR1cChvcHRhcmcpOw0KKwkJCWNocm9vdGRp
ciA9IHN0cmR1cChvcHRhcmcpOw0KIAkJCWJyZWFrOw0KIAkJY2FzZSAndSc6
DQogCQkJdXNlcm5hbWUgPSBzdHJkdXAob3B0YXJnKTsNCkluZGV4OiByYWR2
ZC5oDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09DQpSQ1MgZmlsZTogL3dvcmsv
Y3Zzcm9vdC9yYWR2ZC9yYWR2ZC5oLHYNCnJldHJpZXZpbmcgcmV2aXNpb24g
MS4zDQpkaWZmIC11IC1yMS4zIHJhZHZkLmgNCi0tLSByYWR2ZC5oCTIwMDEv
MDYvMTkgMjM6MDY6MTcJMS4zDQorKysgcmFkdmQuaAkyMDAxLzA2LzMwIDA5
OjI4OjAzDQpAQCAtNDQsNyArNDQsNyBAQA0KICNkZWZpbmUgSFdBRERSX01B
WCAxNg0KIA0KIHN0cnVjdCBJbnRlcmZhY2Ugew0KLQljaGFyCQkJTmFtZVtJ
Rk5BTVNJWisxXTsJLyogaW50ZXJmYWNlIG5hbWUgKi8NCisJY2hhcgkJCU5h
bWVbSUZOQU1TSVpdOwkvKiBpbnRlcmZhY2UgbmFtZSAqLw0KIA0KIAlzdHJ1
Y3QgaW42X2FkZHIJCWlmX2FkZHI7DQogCWludAkJCWlmX2luZGV4Ow0KQEAg
LTkzLDcgKzkzLDcgQEANCiAgICAgICAgIGludCAgICAgICAgICAgICAgICAg
ICAgIEFkdlJvdXRlckFkZHI7DQogDQogCS8qIDZ0bzQgZXh0ZW5zaW9ucyAq
Lw0KLQljaGFyCQkJaWY2dG80W0lGTkFNU0laKzFdOw0KKwljaGFyCQkJaWY2
dG80W0lGTkFNU0laXTsNCiAJaW50CQkJZW5hYmxlZDsNCiANCiAJc3RydWN0
IEFkdlByZWZpeAkqbmV4dDsNCkluZGV4OiBzY2FubmVyLmwNCj09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT0NClJDUyBmaWxlOiAvd29yay9jdnNyb290L3JhZHZk
L3NjYW5uZXIubCx2DQpyZXRyaWV2aW5nIHJldmlzaW9uIDEuNQ0KZGlmZiAt
dSAtcjEuNSBzY2FubmVyLmwNCi0tLSBzY2FubmVyLmwJMjAwMS8wNS8xNSAx
NDo1OTo1MAkxLjUNCisrKyBzY2FubmVyLmwJMjAwMS8wNi8zMCAwOToyODow
Mw0KQEAgLTEwOSw3ICsxMDksNyBAQA0KIHtzdHJpbmd9CXsNCiAJCQlzdGF0
aWMgY2hhciBuYW1lW0lGTkFNU0laXTsNCiAJCQkJDQotCQkJc3RyY3B5KG5h
bWUsIHl5dGV4dCk7DQorCQkJc3RybmNweShuYW1lLCB5eXRleHQsIElGTkFN
U0laLTEpOw0KIAkJCXl5bHZhbC5zdHIgPSBuYW1lOw0KIAkJCXJldHVybiBT
VFJJTkc7DQogCQl9DQpJbmRleDogc2VuZC5jDQo9PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09DQpSQ1MgZmlsZTogL3dvcmsvY3Zzcm9vdC9yYWR2ZC9zZW5kLmMs
dg0KcmV0cmlldmluZyByZXZpc2lvbiAxLjMNCnJldHJpZXZpbmcgcmV2aXNp
b24gMS40DQpkaWZmIC11IC1yMS4zIC1yMS40DQotLS0gc2VuZC5jCTIwMDEv
MDYvMTkgMjM6MDY6MTcJMS4zDQorKysgc2VuZC5jCTIwMDEvMDYvMjQgMjA6
MTE6MzgJMS40DQpAQCAtMSw1ICsxLDUgQEANCiAvKg0KLSAqICAgJElkOiBz
ZW5kLmMsdiAxLjMgMjAwMS8wNi8xOSAyMzowNjoxNyBwc2F2b2xhIEV4cCAk
DQorICogICAkSWQ6IHNlbmQuYyx2IDEuNCAyMDAxLzA2LzI0IDIwOjExOjM4
IHBzYXZvbGEgRXhwICQNCiAgKg0KICAqICAgQXV0aG9yczoNCiAgKiAgICBQ
ZWRybyBSb3F1ZQkJPHJvcXVlQGRpLmZjLnVsLnB0Pg0KQEAgLTUwLDYgKzUw
LDcgQEANCiAJCWlmYWNlLT5sYXN0X211bHRpY2FzdCA9IHR2LnR2X3NlYzsN
CiAJfQ0KIAkNCisJbWVtc2V0KCh2b2lkICopJmFkZHIsIDAsIHNpemVvZihz
dHJ1Y3Qgc29ja2FkZHJfaW42KSk7DQogCWFkZHIuc2luNl9mYW1pbHkgPSBB
Rl9JTkVUNjsNCiAJYWRkci5zaW42X3BvcnQgPSBodG9ucyhJUFBST1RPX0lD
TVBWNik7DQogCW1lbWNweSgmYWRkci5zaW42X2FkZHIsIGRlc3QsIHNpemVv
ZihzdHJ1Y3QgaW42X2FkZHIpKTsNCkluZGV4OiB1dGlsLmMNCj09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT0NClJDUyBmaWxlOiAvd29yay9jdnNyb290L3JhZHZk
L3V0aWwuYyx2DQpyZXRyaWV2aW5nIHJldmlzaW9uIDEuMS4xLjENCmRpZmYg
LXUgLXIxLjEuMS4xIHV0aWwuYw0KLS0tIHV0aWwuYwkyMDAxLzA0LzAyIDE4
OjQwOjAyCTEuMS4xLjENCisrKyB1dGlsLmMJMjAwMS8wNi8zMCAwOToyODow
Mw0KQEAgLTM5LDYgKzM5LDcgQEANCiB7DQogCWNvbnN0IGNoYXIgKnJlczsN
CiANCisJLyogWFhYOiBvdmVyZmxvd3MgJ3N0cicgaWYgaXQgaXNuJ3QgYmln
IGVub3VnaCAqLw0KIAlyZXMgPSBpbmV0X250b3AoQUZfSU5FVDYsICh2b2lk
ICopYWRkciwgc3RyLCBJTkVUNl9BRERSU1RSTEVOKTsNCiAJDQogCWlmIChy
ZXMgPT0gTlVMTCkgDQo=
--1589707168-580626586-993893781=:4210--