From f349e5b3fa0206cd6269df256911a73f52ff4a0b Mon Sep 17 00:00:00 2001 From: Nickolai Zeldovich Date: Wed, 30 Oct 2002 09:10:16 +0000 Subject: [PATCH] Allocate memory for the interface addr arrays dynamically to avoid potential overruns. --- src/viced/callback.c | 22 ++++++++++++++++++---- src/viced/host.c | 8 +++----- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/src/viced/callback.c b/src/viced/callback.c index bafec43dc..e70682546 100644 --- a/src/viced/callback.c +++ b/src/viced/callback.c @@ -1704,9 +1704,9 @@ int MultiBreakCallBackAlternateAddress(struct host *host, struct AFSCBFids *afid int MultiBreakCallBackAlternateAddress_r(struct host *host, struct AFSCBFids *afidp) { int i,j; - struct rx_connection* conns[AFS_MAX_INTERFACE_ADDR]; + struct rx_connection** conns; struct rx_connection* connSuccess = 0; - afs_int32 addr[AFS_MAX_INTERFACE_ADDR]; + afs_int32 *addr; static struct rx_securityClass *sc = 0; static struct AFSCBs tc = {0,0}; char hoststr[16]; @@ -1724,6 +1724,10 @@ int MultiBreakCallBackAlternateAddress_r(struct host *host, struct AFSCBFids *af if ( !sc ) sc = rxnull_NewClientSecurityObject(); + i = host->interface->numberOfInterfaces; + addr = malloc(i * sizeof(afs_int32)); + conns = malloc(i * sizeof(struct rx_connection *)); + /* initialize alternate rx connections */ for ( i=0,j=0; i < host->interface->numberOfInterfaces; i++) { @@ -1770,6 +1774,9 @@ int MultiBreakCallBackAlternateAddress_r(struct host *host, struct AFSCBFids *af if ( conns[i] != connSuccess ) rx_DestroyConnection(conns[i] ); + free(addr); + free(conns); + if ( connSuccess ) return 0; /* success */ else return 1; /* failure */ } @@ -1782,9 +1789,9 @@ int MultiBreakCallBackAlternateAddress_r(struct host *host, struct AFSCBFids *af int MultiProbeAlternateAddress_r(struct host *host) { int i,j; - struct rx_connection* conns[AFS_MAX_INTERFACE_ADDR]; + struct rx_connection** conns; struct rx_connection* connSuccess = 0; - afs_int32 addr[AFS_MAX_INTERFACE_ADDR]; + afs_int32 *addr; static struct rx_securityClass *sc = 0; char hoststr[16]; @@ -1801,6 +1808,10 @@ int MultiProbeAlternateAddress_r(struct host *host) if ( !sc ) sc = rxnull_NewClientSecurityObject(); + i = host->interface->numberOfInterfaces; + addr = malloc(i * sizeof(afs_int32)); + conns = malloc(i * sizeof(struct rx_connection *)); + /* initialize alternate rx connections */ for ( i=0,j=0; i < host->interface->numberOfInterfaces; i++) { @@ -1847,6 +1858,9 @@ int MultiProbeAlternateAddress_r(struct host *host) if ( conns[i] != connSuccess ) rx_DestroyConnection(conns[i] ); + free(addr); + free(conns); + if ( connSuccess ) return 0; /* success */ else return 1; /* failure */ } diff --git a/src/viced/host.c b/src/viced/host.c index 5edd3cf15..d41e2fcda 100644 --- a/src/viced/host.c +++ b/src/viced/host.c @@ -909,7 +909,6 @@ struct host *h_GetHost_r(struct rx_connection *tcon) int held; struct interfaceAddr interf; int interfValid = 0; - afs_int32 buffer[AFS_MAX_INTERFACE_ADDR]; struct Identity *identP = NULL; afs_int32 haddr; afs_int32 hport; @@ -1850,7 +1849,6 @@ static struct AFSFid zerofid; int CheckHost(register struct host *host, int held) { register struct client *client; - struct interfaceAddr interf; int code; /* Host is held by h_Enumerate */ @@ -1983,11 +1981,11 @@ initInterfaceAddr_r(struct host *host, struct interfaceAddr *interf) host->host, interf->numberOfInterfaces)); number = interf->numberOfInterfaces; - myPort = host->port; - myHost = host->host; /* current interface address */ + myPort = host->port; + myHost = host->host; /* current interface address */ /* validation checks */ - if ( number < 0 ) + if ( number < 0 || number > AFS_MAX_INTERFACE_ADDR ) { ViceLog(0,("Number of alternate addresses returned is %d\n", number)); -- 2.39.5