rpms/radvd/F-12 radvd-1.5-realloc.patch, NONE, 1.1 radvd.spec, 1.55, 1.56 radvd-1.1-posix.patch, 1.2, NONE radvd-1.5-overflow.patch, 1.1, NONE
Jiri Skala
jskala at fedoraproject.org
Tue Jan 19 08:36:54 UTC 2010
Author: jskala
Update of /cvs/extras/rpms/radvd/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6974
Modified Files:
radvd.spec
Added Files:
radvd-1.5-realloc.patch
Removed Files:
radvd-1.1-posix.patch radvd-1.5-overflow.patch
Log Message:
* Thu Jan 19 2010 Jiri Skala <jskala at redhat.com> - 1.5-2
- committed re-make of patch fixing bug #554125
radvd-1.5-realloc.patch:
send.c | 72 +++++++++++++++++++++++++++++++++++++++++++----------------------
1 file changed, 48 insertions(+), 24 deletions(-)
--- NEW FILE radvd-1.5-realloc.patch ---
diff -up ./send.c.overflow ./send.c
--- ./send.c.overflow 2009-09-07 09:59:57.000000000 +0200
+++ ./send.c 2010-01-14 18:42:32.771774969 +0100
@@ -66,6 +66,24 @@ send_ra_forall(int sock, struct Interfac
return 0;
}
+static void
+send_ra_inc_len(unsigned char **buff, size_t *allocated, size_t *len, int add)
+{
+ size_t old_allocated = *allocated;
+ *len += add;
+ if(*len >= *allocated)
+ {
+ *allocated *= 2;
+ *buff = realloc(*buff, *allocated);
+ if(*buff == NULL)
+ {
+ flog(LOG_ERR, "Can't reallocate memory. Exiting.");
+ exit(1);
+ }
+ memset(*buff+old_allocated, 0, *allocated-old_allocated);
+ }
+}
+
int
send_ra(int sock, struct Interface *iface, struct in6_addr *dest)
{
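Review bot: `send_ra_inc_len` doubles `*allocated` only once, so `*len` is guaranteed to end up below the new size only when `add` is smaller than the old allocation, and nothing in the helper enforces that. Growing in a loop, `while (*len >= *allocated) *allocated *= 2;`, makes the post-condition hold for any `add`, and `old_allocated` still marks the right start for the zero-fill. The `add` parameter is declared `int` while the callers in this patch pass `sizeof` expressions and an `unsigned int`, so declaring it `size_t add` would avoid a sign conversion in `*len += add`.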
@@ -80,12 +98,19 @@ send_ra(int sock, struct Interface *ifac
struct AdvPrefix *prefix;
struct AdvRoute *route;
struct AdvRDNSS *rdnss;
- /* XXX: we don't keep track if buff gets overflowed. In theory the sysadmin could
- do that with e.g., too many advertised prefixes or routes, but buff is just so
- large that this should never happen and if it does, it's admin's fault :-) */
- unsigned char buff[MSG_SIZE];
+
+ unsigned char *buff;
size_t len = 0;
ssize_t err;
+ size_t allocated = MSG_SIZE;
+
+ /* Allocate buffer */
+ buff = malloc(MSG_SIZE);
+ if(buff == NULL)
+ {
+ flog(LOG_ERR, "Can't allocate memory. Exiting.");
+ exit(1);
+ }
/* First we need to check that the interface hasn't been removed or deactivated */
if(check_device(sock, iface) < 0) {
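Review bot: `buff` is now allocated at the top of `send_ra`, before the `check_device()` test at the end of this hunk, but the only `free(buff)` the patch adds is in the last hunk, just before the final `return 0`. If the `check_device()` branch or any later early exit returns from the function (their bodies are outside the hunk, so this is inferred), each such call leaks `MSG_SIZE` bytes, which adds up in a long-running daemon. Moving the `malloc` below the early-exit checks, or adding `free(buff);` before each early `return`, closes that path.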
@@ -134,7 +159,7 @@ send_ra(int sock, struct Interface *ifac
addr.sin6_port = htons(IPPROTO_ICMPV6);
memcpy(&addr.sin6_addr, dest, sizeof(struct in6_addr));
- memset(&buff, 0, sizeof(buff));
+ memset(buff, 0, allocated);
radvert = (struct nd_router_advert *) buff;
radvert->nd_ra_type = ND_ROUTER_ADVERT;
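Review bot: `radvert` is derived from `buff` here, and from this patch on `buff` can be moved by `realloc` inside `send_ra_inc_len`, which would leave `radvert` pointing at freed memory. The option code in the later hunks recomputes its pointers after each call, so the header pointer is the one alias that is not refreshed; whether it is read again after the first option is appended is not visible in this hunk. A comment at the assignment would record the constraint: `/* radvert aliases buff: do not use after the first send_ra_inc_len(), which may move the buffer */`.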
@@ -172,7 +197,8 @@ send_ra(int sock, struct Interface *ifac
{
struct nd_opt_prefix_info *pinfo;
- pinfo = (struct nd_opt_prefix_info *) (buff + len);
+ send_ra_inc_len(&buff, &allocated, &len, sizeof(*pinfo));
+ pinfo = (struct nd_opt_prefix_info *) (buff + len - sizeof(*pinfo));
pinfo->nd_opt_pi_type = ND_OPT_PREFIX_INFORMATION;
pinfo->nd_opt_pi_len = 4;
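Review bot: The size passed to `send_ra_inc_len` has to be repeated on the next line to find the start of the region just reserved, `buff + len - sizeof(*pinfo)`, and the same pair appears in the route, RDNSS, MTU, source link-layer, advertisement-interval and home-agent hunks. Having the helper return that start address (an `unsigned char *` return type with `return *buff + *len - add;` as its last statement) would let each call site read `pinfo = (struct nd_opt_prefix_info *) send_ra_inc_len(&buff, &allocated, &len, sizeof(*pinfo));` and removes the chance of the two sizes drifting apart. The enclosing loop starts and ends outside the hunk.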
@@ -192,8 +218,6 @@ send_ra(int sock, struct Interface *ifac
memcpy(&pinfo->nd_opt_pi_prefix, &prefix->Prefix,
sizeof(struct in6_addr));
-
- len += sizeof(*pinfo);
}
prefix = prefix->next;
@@ -209,7 +233,8 @@ send_ra(int sock, struct Interface *ifac
{
struct nd_opt_route_info_local *rinfo;
- rinfo = (struct nd_opt_route_info_local *) (buff + len);
+ send_ra_inc_len(&buff, &allocated, &len, sizeof(*rinfo));
+ rinfo = (struct nd_opt_route_info_local *) (buff + len - sizeof(*rinfo));
rinfo->nd_opt_ri_type = ND_OPT_ROUTE_INFORMATION;
/* XXX: the prefixes are allowed to be sent in smaller chunks as well */
@@ -222,7 +247,6 @@ send_ra(int sock, struct Interface *ifac
memcpy(&rinfo->nd_opt_ri_prefix, &route->Prefix,
sizeof(struct in6_addr));
- len += sizeof(*rinfo);
route = route->next;
}
@@ -237,7 +261,8 @@ send_ra(int sock, struct Interface *ifac
{
struct nd_opt_rdnss_info_local *rdnssinfo;
- rdnssinfo = (struct nd_opt_rdnss_info_local *) (buff + len);
+ send_ra_inc_len(&buff, &allocated, &len, sizeof(*rdnssinfo) - (3-rdnss->AdvRDNSSNumber)*sizeof(struct in6_addr));
+ rdnssinfo = (struct nd_opt_rdnss_info_local *) (buff + len - (sizeof(*rdnssinfo) - (3-rdnss->AdvRDNSSNumber)*sizeof(struct in6_addr)));
rdnssinfo->nd_opt_rdnssi_type = ND_OPT_RDNSS_INFORMATION;
rdnssinfo->nd_opt_rdnssi_len = 1 + 2*rdnss->AdvRDNSSNumber;
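Review bot: The space reserved for the RDNSS option is `sizeof(*rdnssinfo)` minus the unused address slots, yet the context lines of the following hunk still show a `memcpy` into `nd_opt_rdnssi_addr3` with no visible guard on `AdvRDNSSNumber`. If those copies are unconditional (the lines between the two hunks are not shown), an entry with fewer than three addresses writes up to `2 * sizeof(struct in6_addr)` bytes past `len`. When the option lands near the end of the allocation, that is a write past the heap buffer, which the old oversized stack array masked. Reserving the full structure and trimming afterwards avoids it: call `send_ra_inc_len(&buff, &allocated, &len, sizeof(*rdnssinfo));`, set `rdnssinfo = (struct nd_opt_rdnss_info_local *) (buff + len - sizeof(*rdnssinfo));`, and after the copies do `len -= (3-rdnss->AdvRDNSSNumber)*sizeof(struct in6_addr);`.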
@@ -254,7 +279,6 @@ send_ra(int sock, struct Interface *ifac
sizeof(struct in6_addr));
memcpy(&rdnssinfo->nd_opt_rdnssi_addr3, &rdnss->AdvRDNSSAddr3,
sizeof(struct in6_addr));
- len += sizeof(*rdnssinfo) - (3-rdnss->AdvRDNSSNumber)*sizeof(struct in6_addr);
rdnss = rdnss->next;
}
@@ -266,14 +290,13 @@ send_ra(int sock, struct Interface *ifac
if (iface->AdvLinkMTU != 0) {
struct nd_opt_mtu *mtu;
- mtu = (struct nd_opt_mtu *) (buff + len);
+ send_ra_inc_len(&buff, &allocated, &len, sizeof(*mtu));
+ mtu = (struct nd_opt_mtu *) (buff + len - sizeof(*mtu));
mtu->nd_opt_mtu_type = ND_OPT_MTU;
mtu->nd_opt_mtu_len = 1;
mtu->nd_opt_mtu_reserved = 0;
mtu->nd_opt_mtu_mtu = htonl(iface->AdvLinkMTU);
-
- len += sizeof(*mtu);
}
/*
@@ -285,16 +308,15 @@ send_ra(int sock, struct Interface *ifac
uint8_t *ucp;
unsigned int i;
- ucp = (uint8_t *) (buff + len);
+ send_ra_inc_len(&buff, &allocated, &len, 2 * sizeof(uint8_t));
+ ucp = (uint8_t *) (buff + len - 2 * sizeof(uint8_t));
*ucp++ = ND_OPT_SOURCE_LINKADDR;
*ucp++ = (uint8_t) ((iface->if_hwaddr_len + 16 + 63) >> 6);
- len += 2 * sizeof(uint8_t);
-
i = (iface->if_hwaddr_len + 7) >> 3;
- memcpy(buff + len, iface->if_hwaddr, i);
- len += i;
+ send_ra_inc_len(&buff, &allocated, &len, i);
+ memcpy(buff+len-i, iface->if_hwaddr, i);
}
/*
@@ -319,8 +341,8 @@ send_ra(int sock, struct Interface *ifac
a_ival.reserved = 0;
a_ival.adv_ival = htonl(ival);
- memcpy(buff + len, &a_ival, sizeof(a_ival));
- len += sizeof(a_ival);
+ send_ra_inc_len(&buff, &allocated, &len, sizeof(a_ival));
+ memcpy(buff+len-sizeof(a_ival), &a_ival, sizeof(a_ival));
}
/*
@@ -341,8 +363,8 @@ send_ra(int sock, struct Interface *ifac
ha_info.preference = htons(iface->HomeAgentPreference);
ha_info.lifetime = htons(iface->HomeAgentLifetime);
- memcpy(buff + len, &ha_info, sizeof(ha_info));
- len += sizeof(ha_info);
+ send_ra_inc_len(&buff, &allocated, &len, sizeof(ha_info));
+ memcpy(buff+len-sizeof(ha_info), &ha_info, sizeof(ha_info));
}
iov.iov_len = len;
@@ -381,6 +403,8 @@ send_ra(int sock, struct Interface *ifac
else
dlog(LOG_DEBUG, 3, "sendmsg: %s", strerror(errno));
}
+
+ free(buff);
return 0;
}
Index: radvd.spec
===================================================================
RCS file: /cvs/extras/rpms/radvd/F-12/radvd.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -p -r1.55 -r1.56
--- radvd.spec 14 Jan 2010 12:16:49 -0000 1.55
+++ radvd.spec 19 Jan 2010 08:36:54 -0000 1.56
@@ -5,7 +5,7 @@
Summary: A Router Advertisement daemon
Name: radvd
Version: 1.5
-Release: 1%{?dist}
+Release: 2%{?dist}
# The code includes the advertising clause, so it's GPL-incompatible
License: BSD with advertising
Group: System Environment/Daemons
@@ -18,7 +18,7 @@ Requires(pre): /usr/sbin/useradd
BuildRequires: flex, byacc
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch1: radvd-1.3-posix.patch
-Patch2: radvd-1.5-overflow.patch
+Patch2: radvd-1.5-realloc.patch
%description
radvd is the router advertisement daemon for IPv6. It listens to router
@@ -35,7 +35,7 @@ services.
%setup -q
%patch1 -p1 -b .posix
-%patch2 -p1 -b .overflow
+%patch2 -p1 -b .realloc
%build
export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -fPIE"
@@ -97,6 +97,9 @@ fi
%{_sbindir}/radvdump
%changelog
+* Thu Jan 19 2010 Jiri Skala <jskala at redhat.com> - 1.5-2
+- committed re-make of patch fixing bug #554125
+
* Thu Jan 14 2010 Jan Gorig <jgorig at redhat.com> - 1.5-1
- updated do latest upstream version
- fixed #554125 - added error message
--- radvd-1.1-posix.patch DELETED ---
--- radvd-1.5-overflow.patch DELETED ---