authorRoy Marples <roy@marples.name>2008-08-13 12:29:32 +0000
committerRoy Marples <roy@marples.name>2008-08-13 12:29:32 +0000
commit1c34afb04dee48693f808c9cfa55874abd74e7f5 (patch)
tree3f2a25e7a85c228f41538e6f216d22665192cab0 /net.c
parent91309576bd255aadb15e88d8fb3a67ffe1c3854d (diff)
downloaddhcpcd-1c34afb04dee48693f808c9cfa55874abd74e7f5.tar.xz
Fix a buffer overflow leading to random bytes in the hardware address.
Diffstat (limited to 'net.c')
-rw-r--r--net.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/net.c b/net.c
index 33008279..1e76700e 100644
--- a/net.c
+++ b/net.c
@@ -194,9 +194,8 @@ do_interface(const char *ifname,
struct sockaddr_in address;
struct ifreq *ifr;
struct sockaddr_in netmask;
-
#ifdef AF_LINK
- struct sockaddr_dl sdl;
+ struct sockaddr_dl *sdl;
#endif
if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
@@ -243,10 +242,11 @@ do_interface(const char *ifname,
#ifdef AF_LINK
if (hwaddr && hwlen && ifr->ifr_addr.sa_family == AF_LINK) {
- memcpy(&sdl, &ifr->ifr_addr, sizeof(sdl));
- *hwlen = sdl.sdl_alen;
- memcpy(hwaddr, sdl.sdl_data + sdl.sdl_nlen,
- (size_t)sdl.sdl_alen);
+ sdl = xmalloc(ifr->ifr_addr.sa_len);
+ memcpy(sdl, &ifr->ifr_addr, ifr->ifr_addr.sa_len);
+ *hwlen = sdl->sdl_alen;
+ memcpy(hwaddr, LLADDR(sdl), (size_t)sdl->sdl_alen);
+ free(sdl);
retval = 1;
break;
}
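Review bot: The copy into `hwaddr` at `memcpy(hwaddr, LLADDR(sdl), (size_t)sdl->sdl_alen)` is still sized only by `sdl_alen` taken from the interface record; nothing in this hunk compares it with the capacity of the caller's buffer, or checks that `sdl_nlen + sdl_alen` fits inside the `sa_len` bytes just allocated. Sizing the first copy by `sa_len` fixes the truncated source, but a record whose `sa_len` is shorter than the fixed part of `struct sockaddr_dl`, or whose length fields are inconsistent, would still let the `sdl_alen` read or the second `memcpy` run past the allocation. I would guard the second copy with a condition such as `sdl->sdl_alen <= HWADDR_CAPACITY` (a placeholder for whatever size callers guarantee for `hwaddr`), free `sdl` and skip the entry when it fails, and state that size contract in a comment on `do_interface`. The function body starts and ends outside the hunk, so the caller-side buffer size and the enclosing loop are not visible here and should be confirmed.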