svn commit: r309305 - stable/9/sbin/dhclient

[Brooks Davis]

Author: brooks
Date: Wed Nov 30 01:41:40 2016
New Revision: 309305
URL: https://svnweb.freebsd.org/changeset/base/309305

Log:
  MFC r309027:
  
  Allocate a struct ifreq rather than using a (wrong) computed size for
  the BIOCSETIF ioctl.
  
  The kernel always copies an entire struct ifreq and IPv4 addresses will
  always fit in an ifreq.
  
  On systems with pointers larger than 64-bits, the computed size will be
  less than the size of struct ifreq, potentially resulting in the kernel
  attempting to copyin memory from outside the allocation.
  
  Reviewed by:	jhb
  Obtained from:	CheriBSD
  Sponsored by:	DARPA, AFRL
  Differential Revision:	https://reviews.freebsd.org/D8445

Modified:
  stable/9/sbin/dhclient/dispatch.c
Directory Properties:
  stable/9/sbin/dhclient/   (props changed)

Modified: stable/9/sbin/dhclient/dispatch.c
==============================================================================
--- stable/9/sbin/dhclient/dispatch.c	Wed Nov 30 01:22:12 2016	(r309304)
+++ stable/9/sbin/dhclient/dispatch.c	Wed Nov 30 01:41:40 2016	(r309305)
@@ -105,8 +105,8 @@ discover_interfaces(struct interface_inf
 			if (foo.sin_addr.s_addr == htonl(INADDR_LOOPBACK))
 				continue;
 			if (!iface->ifp) {
-				int len = IFNAMSIZ + ifa->ifa_addr->sa_len;
-				if ((tif = malloc(len)) == NULL)
+				if ((tif = calloc(1, sizeof(struct ifreq)))
+				    == NULL)
 					error("no space to remember ifp");
 				strlcpy(tif->ifr_name, ifa->ifa_name, IFNAMSIZ);
 				memcpy(&tif->ifr_addr, ifa->ifa_addr,