Project

General

Profile

Actions

Bug #13882

closed

libipadm ipadm_if_info() is not 64bit safe

Added by Hans Rosenfeld 7 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Category:
lib - userland libraries
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

The type checks I added to #13863 showed that ipadm_if_info() may suffer from a similar issue as #13866.

The underlying door call uses ipmgmt_getif_rval_t, which embeds an array of ipadm_if_info_t structures, which in turn contains a pointer used for making a single-linked list of ipadm_if_info_t structures:

typedef struct ipadm_if_info_s {
    struct ipadm_if_info_s    *ifi_next;
    char            ifi_name[LIFNAMSIZ];    /* interface name */
    ipadm_if_state_t    ifi_state;        /* see above */
    uint_t            ifi_cflags;        /* current flags */
    uint_t            ifi_pflags;        /* persistent flags */
} ipadm_if_info_t;

The door call from libipadm to ipmgmtd doesn't use the ifi_next pointer, it just copies an array across the door and sets the list pointers later. Due to the different pointer size the offset of ifi_name is wrong, though.

A solution to that problem is to remove ifi_next from ipadm_if_info_t and add use an extra container structure ipadm_if_info_list_t. This will break the libipadm API and requires a bit of rework in the code using it, but at least it's private to illumos-gate.

Actions

Also available in: Atom PDF