Remove a bogus leftover use of a valid pointer as a throwaway variable

in getinterfaces. This was the cause of an overlapping memcpy reported at http://seclists.org/nmap-dev/2009/q2/0713.html. In the code, sin is a pointer that holds the address of the IP address configured for an interface. It is copied into a tmpifr.ifr_addr before each ioctl, perhaps because that is required on some platforms even though on Linux only ifr_name is needed by the ioctl. When the ioctl returns, it overwrites whatever was in ifr_addr because that member is in a union, so sin is kept in order to restore the address again before the next ioctl. In the code that handles SIOCGIFNETMASK, sin was mistakenly used as a temporary pointer and redirected to &tmpifr.ifr_addr. This caused all future memcpys before ioctl to copy tmpifr.ifr_addr to itself, rather than copying in the IP address of the interface. The throwaway sin assignment was not even used; the code that used it was modified in r2751. So now we just keep sin pointing where it should the whole time.
2025-12-07 13:11:28 +00:00 · 2009-07-08 23:09:35 +00:00
parent 4e9d7c17a5
commit 1d5f68a080
1 changed files with 2 additions and 1 deletions
--- a/tcpip.cc
+++ b/tcpip.cc
@@ -2995,7 +2995,8 @@ static struct interface_info *getinterfaces_siocgifconf(int *howmany) {
    else if (rc < 0)
      mydevs[numifaces].netmask_bits = 32;
    else {
-      sin = (struct sockaddr_in *) &(tmpifr.ifr_addr); /* ifr_netmask only on Linux */
+      /* We would use ifr_netmask, but that's only on Linux, so use ifr_addr
+         which shares the same memory space in a union. */
      addr_stob(&(tmpifr.ifr_addr), &mydevs[numifaces].netmask_bits);
    }