Fix memcpy overwrite in iproute.c because of bits vs. bytes confusion
diff --git a/ChangeLog b/ChangeLog
index 0a2d7f2..4d5bd41 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,8 @@
2005-10-12 Stephen Hemminger <shemminger@osdl.org>
* Add more CBQ examples from Fedora Core
-
+ * Fix buffer overrun in iproute because of bits vs. bytes confusion
+
2005-10-12 Jamal Hadi Salim <hadi@znyx.com>
* Fix ip rule flush, need to reopen rtnl
diff --git a/ip/iproute.c b/ip/iproute.c
index c8c3287..a43c09e 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -216,13 +216,13 @@
memset(&via, 0, sizeof(via));
via.family = r->rtm_family;
if (tb[RTA_GATEWAY])
- memcpy(&via.data, RTA_DATA(tb[RTA_GATEWAY]), host_len);
+ memcpy(&via.data, RTA_DATA(tb[RTA_GATEWAY]), host_len/8);
}
if (filter.rprefsrc.bitlen>0) {
memset(&prefsrc, 0, sizeof(prefsrc));
prefsrc.family = r->rtm_family;
if (tb[RTA_PREFSRC])
- memcpy(&prefsrc.data, RTA_DATA(tb[RTA_PREFSRC]), host_len);
+ memcpy(&prefsrc.data, RTA_DATA(tb[RTA_PREFSRC]), host_len/8);
}
if (filter.rdst.family && inet_addr_match(&dst, &filter.rdst, filter.rdst.bitlen))
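Review bot: Both corrected memcpy calls still take their length from the address family (`host_len/8`), not from the attribute being read or the buffer being written. A short RTA_GATEWAY or RTA_PREFSRC payload would therefore be over-read, and nothing visible ties the count to the size of `via.data` or `prefsrc.data`. I would bound each copy explicitly, e.g. `size_t n = host_len/8;` followed by `if (tb[RTA_GATEWAY] && n <= sizeof(via.data) && n <= RTA_PAYLOAD(tb[RTA_GATEWAY]))` before the memcpy, and the same for RTA_PREFSRC with `prefsrc.data`. A short comment such as `/* host_len is in bits; memcpy takes bytes */` next to the first call would help prevent the unit mix-up from returning. `host_len` is declared and assigned outside this hunk, so its type and possible values (including any "unknown family" default) should be confirmed before relying on the division, and the enclosing function begins and ends outside the hunk.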