[PATCH 1/2] rtnl_link: decode ifinfomsg netlink attributes
Dmitry V. Levin
ldv at altlinux.org
Fri Aug 18 11:12:00 UTC 2017
On Fri, Aug 18, 2017 at 04:43:57PM +0800, JingPiao Chen wrote:
[...]
> +static bool
> +decode_ifla_address(struct tcb *const tcp,
> + const kernel_ulong_t addr,
> + const unsigned int len,
> + const void *const opaque_data)
> +{
> + const struct ifinfomsg *const ifinfo = opaque_data;
> + union {
> + struct in_addr a4;
> + struct in6_addr a6;
> + } addrbuf;
> + int af;
> + size_t size = 0;
> +
> + switch (ifinfo->ifi_type) {
> + case ARPHRD_TUNNEL:
> + case ARPHRD_SIT:
> + case ARPHRD_IPGRE:
> + af = AF_INET;
> + size = sizeof(addrbuf.a4);
> + break;
> + case ARPHRD_TUNNEL6:
> + af = AF_INET6;
> + size = sizeof(addrbuf.a6);
> + break;
This doesn't look correct: other types are also in use;
just have a look at the output of "strace -enetwork ip a".
> + }
> + if (!size || len < size) {
> + size_t i;
> + uint8_t buf;
> +
> + for (i = 0; i < len; i++) {
> + if (i)
> + tprints(":");
> + if (umove(tcp, addr + i, &buf) < 0) {
> + tprints("...");
> + break;
> + }
> + tprintf("%02x", buf);
> + }
This could be tricked into printing many more bytes than the MAX_ADDR_LEN
bytes supported by the kernel.
--
ldv