2002/05/16 yoshfuji

2002/05/16 yoshfuji
* kernel/linux2{2,4}/net/ipv6/icmp.c, src/iputils/ping6.c:
[SECURITY] fixed buffer overrun while calculating node group address.

Index: kernel/linux22/net/ipv6/icmp.c
===================================================================
RCS file: /cvsroot/usagi/usagi/kernel/linux22/net/ipv6/icmp.c,v
retrieving revision 1.28
retrieving revision 1.28.6.1
diff -u -r1.28 -r1.28.6.1
--- kernel/linux22/net/ipv6/icmp.c 2001/09/17 02:05:20 1.28
+++ kernel/linux22/net/ipv6/icmp.c 2002/05/15 17:19:26 1.28.6.1
@@ -1,4 +1,4 @@
-/* $USAGI: icmp.c,v 1.28 2001/09/17 02:05:20 yoshfuji Exp $ */
+/* $USAGI: icmp.c,v 1.28.6.1 2002/05/15 17:19:26 yoshfuji Exp $ */

/*
* Internet Control Message Protocol (ICMPv6)
@@ -487,12 +487,12 @@
icmpv6_ni_qtype_table[qtype].name : "unknown");
}

-static size_t str2lower(char *dst, const char *src)
+static size_t str2lower(char *dst, const char *src, size_t len)
{
const char *p;
char *q;
size_t i;
- for (p = src, q = dst, i = 0; *p; p++, i++)
+ for (p = src, q = dst, i = 0; *p && i + 1 < len; p++, i++)
*q++ = isupper(*p) ? tolower(*p) : *p;
*q = '\0';
return i;
@@ -506,7 +506,7 @@
char hbuf[NI_MAX_SYSNAME_LEN];
struct in6_addr in6;
int len;
- (void)str2lower(&hbuf[1], name);
+ (void)str2lower(&hbuf[1], name, sizeof(hbuf)-1);
p = strchr(&hbuf[1], '.');
len = p ? (p - &hbuf[1]) : strlen(&hbuf[1]);
if (len >= 0x40) {
@@ -685,13 +685,13 @@
char *cp = (char *)dst;
int dcnt = 0;
#ifdef CONFIG_IPV6_NODEINFO_USE_UTS_DOMAIN
- size_t nodelen = str2lower(cp + 1, system_utsname.nodename);
+ size_t nodelen = str2lower(cp + 1, system_utsname.nodename, sizeof(system_utsname.nodename));
if (strcmp(system_utsname.domainname, __UTS_NODENAME_NONE)) {
*(cp + 1 + nodelen) = '.';
- (void)str2lower(cp + 1 + nodelen + 1, system_utsname.domainname);
+ (void)str2lower(cp + 1 + nodelen + 1, system_utsname.domainname, sizeof(system_utsname.domainname));
}
#else
- (void)str2lower(cp + 1, system_utsname.nodename);
+ (void)str2lower(cp + 1, system_utsname.nodename, sizeof(system_utsname.nodename));
#endif
up(&uts_sem);
sysname_known = 1;