diff options
| author | Christian Pointner <equinox@anytun.org> | 2008-05-11 22:57:21 +0000 |
|---|---|---|
| committer | Christian Pointner <equinox@anytun.org> | 2008-05-11 22:57:21 +0000 |
| commit | 95b425372d9d3460f4a367f32177d1b897c72b55 (patch) | |
| tree | 5bd6a9c91eb6959233f74f4c3fa34ac4b7d0dcd9 | |
| parent | small security fix @ new linux tun device (diff) | |
same security fix for bsd device
| -rw-r--r-- | src/bsd/tunDevice.cpp | 11 | ||||
| -rw-r--r-- | src/bsd/tunDevice.h | 1 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/bsd/tunDevice.cpp b/src/bsd/tunDevice.cpp index 47558de..5ad6ea7 100644 --- a/src/bsd/tunDevice.cpp +++ b/src/bsd/tunDevice.cpp @@ -165,6 +165,13 @@ void TunDevice::init_post() #error Target not supported #endif +int TunDevice::fix_return(int ret, size_t type_length) +{ + if(ret < 0) + return ret; + + return (static_cast<size_t>(ret) > type_length ? (ret - type_length) : 0); +} short TunDevice::read(u_int8_t* buf, u_int32_t len) { @@ -179,7 +186,7 @@ short TunDevice::read(u_int8_t* buf, u_int32_t len) iov[0].iov_len = sizeof(type); iov[1].iov_base = buf; iov[1].iov_len = len; - return(::readv(fd_, iov, 2) - sizeof(type)); + return(fix_return(::readv(fd_, iov, 2), sizeof(type))); } else return(::read(fd_, buf, len)); @@ -205,7 +212,7 @@ int TunDevice::write(u_int8_t* buf, u_int32_t len) iov[0].iov_len = sizeof(type); iov[1].iov_base = buf; iov[1].iov_len = len; - return(::writev(fd_, iov, 2) - sizeof(type)); + return(fix_return(::writev(fd_, iov, 2), sizeof(type))); } else return(::write(fd_, buf, len)); diff --git a/src/bsd/tunDevice.h b/src/bsd/tunDevice.h index 16408a2..8641d2c 100644 --- a/src/bsd/tunDevice.h +++ b/src/bsd/tunDevice.h @@ -54,6 +54,7 @@ private: void init_post(); void do_ifconfig(); + int fix_return(int ret, size_t type_length); int fd_; DeviceConfig conf_; |