lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Mon, 17 Aug 2020 13:25:19 +0200
From:   Sascha Hauer <>
Cc:, Sascha Hauer <>
Subject: [PATCH v2] iproute2: ip maddress: Check multiaddr length

ip maddress add|del takes a MAC address as argument, so insist on
getting a length of ETH_ALEN bytes. This makes sure the passed argument
is actually a MAC address and especially not an IPv4 address which
was previously accepted and silently taken as a MAC address.

While at it, do not print *argv in the error path as this has been
modified by ll_addr_a2n() and doesn't contain the full string anymore,
which can lead to misleading error messages.

Also while at it, replace the hardcoded buffer size with the actual
buffer size using sizeof().

Signed-off-by: Sascha Hauer <>

Changes since v1:
- Replace hardcoded 14 with sizeof(ifr.ifr_hwaddr.sa_data)

 ip/ipmaddr.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c
index 3400e055..d41ac63a 100644
--- a/ip/ipmaddr.c
+++ b/ip/ipmaddr.c
@@ -291,7 +291,7 @@ static int multiaddr_modify(int cmd, int argc, char **argv)
 	struct ifreq ifr = {};
 	int family;
-	int fd;
+	int fd, len;
 	if (cmd == RTM_NEWADDR)
@@ -313,9 +313,14 @@ static int multiaddr_modify(int cmd, int argc, char **argv)
 			if (ifr.ifr_hwaddr.sa_data[0])
 				duparg("address", *argv);
-			if (ll_addr_a2n(ifr.ifr_hwaddr.sa_data,
-					14, *argv) < 0) {
-				fprintf(stderr, "Error: \"%s\" is not a legal ll address.\n", *argv);
+			len = ll_addr_a2n(ifr.ifr_hwaddr.sa_data,
+					  sizeof(ifr.ifr_hwaddr.sa_data),
+					  *argv);
+			if (len < 0)
+				exit(1);
+			if (len != ETH_ALEN) {
+				fprintf(stderr, "Error: Invalid address length %d - must be %d bytes\n", len, ETH_ALEN);

Powered by blists - more mailing lists