Module Name: src Committed By: martin Date: Sun Jul 7 12:58:45 UTC 2019
Modified Files: src/usr.sbin/sysinst: net.c Log Message: Fix some uninitialized memory access and a potential buffer overrun on machines with multiple network interfaces. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/usr.sbin/sysinst/net.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/usr.sbin/sysinst/net.c diff -u src/usr.sbin/sysinst/net.c:1.30 src/usr.sbin/sysinst/net.c:1.31 --- src/usr.sbin/sysinst/net.c:1.30 Sat Jun 22 20:46:07 2019 +++ src/usr.sbin/sysinst/net.c Sun Jul 7 12:58:45 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: net.c,v 1.30 2019/06/22 20:46:07 christos Exp $ */ +/* $NetBSD: net.c,v 1.31 2019/07/07 12:58:45 martin Exp $ */ /* * Copyright 1997 Piermont Information Systems Inc. @@ -241,8 +241,8 @@ get_ifconfig_info(struct net_desc *devs) } buf = malloc (STRSIZE * sizeof(char)); - for (i = 0, buf_tmp = buf_in; strlen(buf_tmp) > 0 && buf_tmp < buf_in + - strlen(buf_in);) { + for (i = 0, buf_tmp = buf_in; i < MAX_NETS && strlen(buf_tmp) > 0 + && buf_tmp < buf_in + strlen(buf_in);) { tmp = stpncpy(buf, buf_tmp, strcspn(buf_tmp," \n")); *tmp='\0'; buf_tmp += (strcspn(buf_tmp, " \n") + 1) * sizeof(char); @@ -485,7 +485,7 @@ config_network(void) char buffer[STRSIZE]; struct statvfs sb; struct net_desc net_devs[MAX_NETS]; - menu_ent net_menu[5]; + menu_ent *net_menu; int menu_no; int num_devs; int selected_net; @@ -505,7 +505,13 @@ config_network(void) if (num_devs < 1) { /* No network interfaces found! */ hit_enter_to_continue(NULL, MSG_nonet); - return (-1); + return -1; + } + + net_menu = calloc(num_devs, sizeof(*net_menu)); + if (net_menu == NULL) { + err_msg_win(err_outofmem); + return -1; } for (i = 0; i < num_devs; i++) { @@ -513,18 +519,21 @@ config_network(void) net_menu[i].opt_flags = OPT_EXIT; net_menu[i].opt_action = set_menu_select; } -again: - selected_net = -1; + menu_no = new_menu(MSG_netdevs, net_menu, num_devs, -1, 4, 0, 0, MC_SCROLL, NULL, NULL, NULL, NULL, NULL); +again: + selected_net = -1; msg_display(MSG_asknetdev); process_menu(menu_no, &selected_net); - free_menu(menu_no); - - if (selected_net == -1) - return 0; + + if (selected_net == -1) { + free_menu(menu_no); + free(net_menu); + return 0; + } network_up = 1; dhcp_config = 0; @@ -751,6 +760,9 @@ done: if (!ask_yesno(MSG_netok_ok)) goto again; + free_menu(menu_no); + free(net_menu); + run_program(0, "/sbin/ifconfig lo0 127.0.0.1"); /* dhcpcd will have configured it all for us */