Gitiles
Code Review Sign In
gerrit.opencord.org / quagga / 7907c6c9d34a4f19dd7d4d8d81c3c8ae5000ee07^! / .
commit7907c6c9d34a4f19dd7d4d8d81c3c8ae5000ee07[log] [tgz]
authorajs <ajs>Tue Jul 26 19:55:31 2005 +0000
committerajs <ajs>Tue Jul 26 19:55:31 2005 +0000
treec57450ba246a26d4c37f1c2339b977d8293ee04d
parent330009f7b3742462ebd90f9c16f1ab734344b68c [diff]
2005-07-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
	* prefix.c: (prefix_ipv4_new, prefix_ipv6_new): Call prefix_new
	  to allocate the memory to make sure that all struct prefix pointers
	  point to objects of the same length (avoids memory overruns
	  on struct prefix assignments).
	  (prefix_ipv4_free, prefix_ipv6_free): Simply call prefix_free.
	  It is interesting to note that these functions are never actually
	  called anywhere in the code.  Instead prefix_free was already
	  being called directly, despite the previous MTYPE incompatibility.

	[backport candidate]

diff --git a/lib/ChangeLog b/lib/ChangeLog
index f67f2c1..42e80bd 100644
--- a/lib/ChangeLog
+++ b/lib/ChangeLog

@@ -1,4 +1,14 @@
 2005-07-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
+	* prefix.c: (prefix_ipv4_new, prefix_ipv6_new): Call prefix_new
+	  to allocate the memory to make sure that all struct prefix pointers
+	  point to objects of the same length (avoids memory overruns
+	  on struct prefix assignments).
+	  (prefix_ipv4_free, prefix_ipv6_free): Simply call prefix_free.
+	  It is interesting to note that these functions are never actually
+	  called anywhere in the code.  Instead prefix_free was already
+	  being called directly, despite the previous MTYPE incompatibility.
+
+2005-07-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
 
 	* prefix.c: (ip_masklen) While loop should test that 'pnt' pointer is
 	  in range before dereferencing it.

diff --git a/lib/prefix.c b/lib/prefix.c
index 1806ac4..c692203 100644
--- a/lib/prefix.c
+++ b/lib/prefix.c

@@ -199,7 +199,10 @@
 {
   struct prefix_ipv4 *p;
 
-  p = XCALLOC (MTYPE_PREFIX_IPV4, sizeof *p);
+  /* Call prefix_new to allocate a full-size struct prefix to avoid problems
+     where the struct prefix_ipv4 is cast to struct prefix and unallocated
+     bytes were being referenced (e.g. in structure assignments). */
+  p = (struct prefix_ipv4 *)prefix_new();
   p->family = AF_INET;
   return p;
 }
@@ -208,7 +211,7 @@
 void
 prefix_ipv4_free (struct prefix_ipv4 *p)
 {
-  XFREE (MTYPE_PREFIX_IPV4, p);
+  prefix_free((struct prefix *)p);
 }
 
 /* When string format is invalid return 0. */
@@ -348,7 +351,9 @@
 {
   struct prefix_ipv6 *p;
 
-  p = XCALLOC (MTYPE_PREFIX_IPV6, sizeof (struct prefix_ipv6));
+  /* Allocate a full-size struct prefix to avoid problems with structure
+     size mismatches. */
+  p = (struct prefix_ipv6 *)prefix_new();
   p->family = AF_INET6;
   return p;
 }
@@ -357,7 +362,7 @@
 void
 prefix_ipv6_free (struct prefix_ipv6 *p)
 {
-  XFREE (MTYPE_PREFIX_IPV6, p);
+  prefix_free((struct prefix *)p);
 }
 
 /* If given string is valid return pin6 else return NULL */