On Sat, 2013-07-20 at 16:46:51 +0000, Hiroki Sato wrote: > Author: hrs > Date: Sat Jul 20 16:46:51 2013 > New Revision: 253504 > URL: http://svnweb.freebsd.org/changeset/base/253504 > > Log: > - Simplify getaddr() and print_getmsg() by using RTAX_* instead of RTA_* > as the argument. > - Reduce unnecessary loop in print_getmsg(). > > Modified: > head/sbin/route/route.c > > Modified: head/sbin/route/route.c > ============================================================================== > --- head/sbin/route/route.c Sat Jul 20 15:58:43 2013 (r253503) > +++ head/sbin/route/route.c Sat Jul 20 16:46:51 2013 (r253504) > @@ -1105,7 +1105,7 @@ inet6_makenetandmask(struct sockaddr_in6 > * returning 1 if a host address, 0 if a network address. > */ > static int > -getaddr(int which, char *str, struct hostent **hpp, int nrflags) > +getaddr(int idx, char *str, struct hostent **hpp, int nrflags) > { > struct sockaddr *sa; > #if defined(INET) > @@ -1130,36 +1130,16 @@ getaddr(int which, char *str, struct hos > aflen = sizeof(struct sockaddr_dl); > #endif > } > - rtm_addrs |= which; > + rtm_addrs |= (1 << idx); > > - switch (which) { > - case RTA_DST: > - sa = (struct sockaddr *)&so[RTAX_DST]; > - break; > - case RTA_GATEWAY: > - sa = (struct sockaddr *)&so[RTAX_GATEWAY]; > - break; > - case RTA_NETMASK: > - sa = (struct sockaddr *)&so[RTAX_NETMASK]; > - break; > - case RTA_GENMASK: > - sa = (struct sockaddr *)&so[RTAX_GENMASK]; > - break; > - case RTA_IFA: > - sa = (struct sockaddr *)&so[RTAX_IFA]; > - break; > - case RTA_IFP: > - sa = (struct sockaddr *)&so[RTAX_IFP]; > - break; > - default: > + if (idx > RTAX_MAX) > usage("internal error"); > - /*NOTREACHED*/ > - } > + sa = (struct sockaddr *)&so[idx];
Coverity Scan flags this as an out-of-bounds write. RTAX_MAX is 8, so idx can be up to 8 (inclusive) in the check above. Do you want to check for idx >= RTAX_MAX maybe? idx is also signed ... Coverity CID is 1054779, btw. Cheers, Uli _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
