author | Sami Kerola <kerolasa@iki.fi> | 2018-10-19 21:29:54 +0100 |
---|---|---|
committer | Sami Kerola <kerolasa@iki.fi> | 2018-10-22 22:18:27 +0100 |
commit | d52fa39545bfa8dd6656a5bfc6cf119c1d57381e (patch) | |
tree | ebb86a69d43f646cb0fbb49c9a7acfe1b439e68e | |
parent | 97926373401e4e794fa90f87b42c6cac9c35daf7 (diff) | |
download | iputils-d52fa39545bfa8dd6656a5bfc6cf119c1d57381e.tar.gz |
ping: check getifaddrs(3) ifa_name data before use
getifaddrs(3) can return invalid data when the system call is interrupted.
The issue was fixed in glibc 2.28 (released 2018-08-01). It is fair to assume
there are systems with older libc so make the ping more robust and check
ifa->ifa_name is not NULL before using it.
Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=21812
Addresses: https://github.com/iputils/iputils/issues/112
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
-rw-r--r-- | ping.c | 3 | ||||
-rw-r--r-- | ping6_common.c | 3 |
2 files changed, 4 insertions, 2 deletions
@@ -644,7 +644,8 @@ int ping4_run(int argc, char **argv, struct addrinfo *ai, socket_st *sock)
 if (ret)
 error(2, errno, "gatifaddrs failed");
 for (ifa = ifa0; ifa; ifa = ifa->ifa_next) {
- if (!ifa->ifa_addr || ifa->ifa_addr->sa_family != AF_INET)
+ if (!ifa->ifa_name || !ifa->ifa_addr ||
+ ifa->ifa_addr->sa_family != AF_INET)
 continue;
 if (!strcmp(ifa->ifa_name, device) &&
 !memcmp(&((struct sockaddr_in *)ifa->ifa_addr)->sin_addr,
diff --git a/ping6_common.c b/ping6_common.c
index c85adee..21e99bd 100644
--- a/ping6_common.c
+++ b/ping6_common.c
@@ -660,7 +660,8 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock
 error(2, errno, "getifaddrs");
 for (ifa = ifa0; ifa; ifa = ifa->ifa_next) {
- if (!ifa->ifa_addr || ifa->ifa_addr->sa_family != AF_INET6)
+ if (!ifa->ifa_name || !ifa->ifa_addr ||
+ ifa->ifa_addr->sa_family != AF_INET6)
 continue;
 if (!strcmp(ifa->ifa_name, device) &&
 IN6_ARE_ADDR_EQUAL(&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr, |
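Review bot: The new `!ifa->ifa_name` test in ping4_run has no comment saying why a field that getifaddrs(3) normally fills can be NULL, so a later cleanup could drop it and bring back the NULL pointer passed to `strcmp()`; the same applies to the identical guard in ping6_run. A one-line comment above the `if` would do: `/* glibc < 2.28 getifaddrs(3) may leave ifa_name NULL after an interrupted system call (sourceware bug 21812) */`. Separately, the context line above still reads `"gatifaddrs failed"`, while ping6_common.c prints `"getifaddrs"`; the message should name the real function. The loop body continues past the end of the hunk.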
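Review bot: The entry filter at the top of the loop in ping6_run is the same as the one in ping4_run except for the address family constant, which is why this NULL check had to be added twice. A shared helper, for example `static inline int ifa_usable(const struct ifaddrs *ifa, int family)` returning `ifa->ifa_name && ifa->ifa_addr && ifa->ifa_addr->sa_family == family`, would keep the guard in one place for both callers. Whether other getifaddrs(3) loops exist in the tree is not visible here; if they do, they need the same check before `ifa_name` is used. The loop body continues past the end of the hunk.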