Bug #13882

Updated by Hans Rosenfeld 7 months ago

The type checks I added to #13863 showed that ipadm_if_info() may suffer from a similar issue as #13866. 

The underlying door call uses ipmgmt_getif_rval_t, which embeds an array of ipadm_if_info_t structures, which in turn contains a pointer used for making a singly linked list of ipadm_if_info_t structures:

    typedef struct ipadm_if_info_s {
        struct ipadm_if_info_s  *ifi_next;
        char                    ifi_name[LIFNAMSIZ];    /* interface name */
        ipadm_if_state_t        ifi_state;              /* see above */
        uint_t                  ifi_cflags;             /* current flags */
        uint_t                  ifi_pflags;             /* persistent flags */
    } ipadm_if_info_t;

The door call from libipadm to ipmgmtd doesn't use the ifi_next pointer; it just copies an array across the door and sets the list pointers later. Due to the different pointer size the offset of ifi_name is wrong, though.

A solution to that problem is to remove ifi_next from ipadm_if_info_t and use an extra container structure ipadm_if_info_list_t. This will break the libipadm API and requires a bit of rework in the code using it, but at least it's private to illumos-gate.
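
The layout mismatch described in this issue, as an added example that is not part of the issue or of illumos-gate. The type and function names, the LIFNAMSIZ value, the 4-byte ifi_state, the container members ifl_next/ifl_info, and the choice of a 64-bit writer with a 32-bit reader are all assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LIFNAMSIZ 32	/* assumed value for this sketch */

/* ipadm_if_info_t as a 32-bit (ILP32) process lays it out: 4-byte pointer */
typedef struct {
	uint32_t ifi_next;
	char     ifi_name[LIFNAMSIZ];
	int32_t  ifi_state;	/* assumed: enum stored as a 4-byte int */
	uint32_t ifi_cflags, ifi_pflags;
} info_ilp32_t;

/* The same structure in a 64-bit (LP64) process: 8-byte pointer */
typedef struct {
	uint64_t ifi_next;
	char     ifi_name[LIFNAMSIZ];
	int32_t  ifi_state;
	uint32_t ifi_cflags, ifi_pflags;
} info_lp64_t;

/* Pointer-free record: identical layout in both data models */
typedef struct {
	char     ifi_name[LIFNAMSIZ];
	int32_t  ifi_state;
	uint32_t ifi_cflags, ifi_pflags;
} info_wire_t;

/* Hypothetical container: the list linkage never crosses the door */
typedef struct info_list {
	struct info_list *ifl_next;
	info_wire_t       ifl_info;
} info_list_t;

_Static_assert(offsetof(info_wire_t, ifi_name) == 0, "no pointer before name");

/* A 64-bit writer fills one record; a 32-bit reader reinterprets its bytes. */
void
read_name_as_ilp32(const char *name, char *out)
{
	info_lp64_t w;
	info_ilp32_t r;

	memset(&w, 0, sizeof (w));
	strncpy(w.ifi_name, name, LIFNAMSIZ - 1);
	memcpy(&r, &w, sizeof (r));	/* raw byte copy, as across the door */
	memcpy(out, r.ifi_name, LIFNAMSIZ);
	out[LIFNAMSIZ - 1] = '\0';
}
```

The reader's ifi_name begins four bytes early, inside the writer's pointer slot, so the name comes back empty and the real string appears four bytes into the buffer. The differing structure sizes also shift every later array element.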