X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/cc9f6e38162d3c1bf6ca97536c2477f476c8e01b..3a60a9f5b85abb8c2cf24e1926c5c7b3f608a5e2:/bsd/net/if.c?ds=sidebyside

diff --git a/bsd/net/if.c b/bsd/net/if.c
index 3f6d1157d..d5e1a5eaf 100644
--- a/bsd/net/if.c
+++ b/bsd/net/if.c
@@ -1454,6 +1454,12 @@ ifconf(u_long cmd, user_addr_t ifrp, int * ret_space)
 	int error = 0;
 	size_t space;
 	
+	/*
+	 * Zero the ifr buffer to make sure we don't
+	 * disclose the contents of the stack.
+	 */
+	bzero(&ifr, sizeof(struct ifreq));
+
 	space = *ret_space;
 	ifnet_head_lock_shared();
 	for (ifp = ifnet_head.tqh_first; space > sizeof(ifr) && ifp; ifp = ifp->if_link.tqe_next) {
@@ -1932,10 +1938,10 @@ if_rtdel(
  */
 void if_rtproto_del(struct ifnet *ifp, int protocol)
 {
-	
-        struct radix_node_head  *rnh;
+	struct radix_node_head  *rnh;
 
-	if ((protocol <= AF_MAX) && ((rnh = rt_tables[protocol]) != NULL) && (ifp != NULL)) {
+	if ((protocol <= AF_MAX) && (protocol >= 0) &&
+		((rnh = rt_tables[protocol]) != NULL) && (ifp != NULL)) {
 		lck_mtx_lock(rt_mtx);
 		(void) rnh->rnh_walktree(rnh, if_rtdel, ifp);
 		lck_mtx_unlock(rt_mtx);