Module Name:    src
Committed By:   martin
Date:           Sun Jul  7 12:58:45 UTC 2019

Modified Files:
        src/usr.sbin/sysinst: net.c

Log Message:
Fix some uninitialized memory access and a potential buffer overrun on
machines with multiple network interfaces.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/usr.sbin/sysinst/net.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/sysinst/net.c
diff -u src/usr.sbin/sysinst/net.c:1.30 src/usr.sbin/sysinst/net.c:1.31
--- src/usr.sbin/sysinst/net.c:1.30	Sat Jun 22 20:46:07 2019
+++ src/usr.sbin/sysinst/net.c	Sun Jul  7 12:58:45 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: net.c,v 1.30 2019/06/22 20:46:07 christos Exp $	*/
+/*	$NetBSD: net.c,v 1.31 2019/07/07 12:58:45 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -241,8 +241,8 @@ get_ifconfig_info(struct net_desc *devs)
 	}
 
 	buf = malloc (STRSIZE * sizeof(char));
-	for (i = 0, buf_tmp = buf_in; strlen(buf_tmp) > 0 && buf_tmp < buf_in +
-	     strlen(buf_in);) {
+	for (i = 0, buf_tmp = buf_in; i < MAX_NETS && strlen(buf_tmp) > 0
+	    && buf_tmp < buf_in + strlen(buf_in);) {
 		tmp = stpncpy(buf, buf_tmp, strcspn(buf_tmp," \n"));
 		*tmp='\0';
 		buf_tmp += (strcspn(buf_tmp, " \n") + 1) * sizeof(char);
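Review bot: The loop condition still evaluates `strlen(buf_tmp)` before it tests `buf_tmp < buf_in + strlen(buf_in)`, so when the last token has no trailing space or newline the `+ 1` advance leaves `buf_tmp` one past the terminator and the next check reads beyond the string. Putting the range test first avoids that: `i < MAX_NETS && buf_tmp < buf_in + strlen(buf_in) && *buf_tmp != '\0'`. The `stpncpy` on the following line is bounded only by the token length, not by the `STRSIZE` allocation, and the `malloc` result is used unchecked; capping the length at `STRSIZE - 1` and testing `buf` for NULL would close both. The rest of get_ifconfig_info lies outside the hunk, so whether the input can actually contain a token that long is not visible here.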
@@ -485,7 +485,7 @@ config_network(void)
  	char buffer[STRSIZE];
  	struct statvfs sb;
 	struct net_desc net_devs[MAX_NETS];
-	menu_ent net_menu[5];
+	menu_ent *net_menu;
 	int menu_no;
 	int num_devs;
 	int selected_net;
@@ -505,7 +505,13 @@ config_network(void)
 	if (num_devs < 1) {
 		/* No network interfaces found! */
 		hit_enter_to_continue(NULL, MSG_nonet);
-		return (-1);
+		return -1;
+	}
+
+	net_menu = calloc(num_devs, sizeof(*net_menu));
+	if (net_menu == NULL) {
+		err_msg_win(err_outofmem);
+		return -1;
 	}
 
 	for (i = 0; i < num_devs; i++) {
@@ -513,18 +519,21 @@ config_network(void)
 		net_menu[i].opt_flags = OPT_EXIT;
 		net_menu[i].opt_action = set_menu_select;
 	}
-again:
-	selected_net = -1;
+
 	menu_no = new_menu(MSG_netdevs,
 		net_menu, num_devs, -1, 4, 0, 0,
 		MC_SCROLL,
 		NULL, NULL, NULL, NULL, NULL);
+again:
+	selected_net = -1;
 	msg_display(MSG_asknetdev);
 	process_menu(menu_no, &selected_net);
-	free_menu(menu_no);
-	
-	if (selected_net == -1)
-	    return 0;
+
+	if (selected_net == -1) {
+		free_menu(menu_no);
+		free(net_menu);
+		return 0;
+	}
 
 	network_up = 1;
 	dhcp_config = 0;
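Review bot: With `free_menu(menu_no)` no longer called right after `process_menu()`, the menu and the new `net_menu` allocation stay live through the whole configuration body, and only the `selected_net == -1` branch here and the block after `done:` (hunk at -751) release them. Any other `return` between `again:` and `done:` would now leak both; that code is outside the visible hunks, so this needs checking against the full function. A single exit label that runs `free_menu(menu_no); free(net_menu);` and is reached by every return path would make the ownership robust. A comment above `again:` such as `/* menu_no and net_menu persist across retries; released on every exit path */` would record the intent.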
@@ -751,6 +760,9 @@ done:
 	if (!ask_yesno(MSG_netok_ok))
 		goto again;
 
+	free_menu(menu_no);
+	free(net_menu);
+
 	run_program(0, "/sbin/ifconfig lo0 127.0.0.1");
 
 	/* dhcpcd will have configured it all for us */
