Message ID | 20200717170948.227787-1-matthias.andree@gmx.de |
---|---|
State | Rejected |
Headers | show |
Series | [Openvpn-devel] Fix stack buffer overruns in NEXTADDR() macro: | expand |
Am 17.07.20 um 19:09 schrieb Matthias Andree: > @@ -3727,6 +3727,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, > msg(M_WARN, "GDG6: socket #1 failed"); > goto done; > } > + errno = 0; > if (write(sockfd, (char *)&m_rtmsg, l) < 0) > { > msg(M_WARN, "GDG6: problem writing to routing socket"); This line escaped, so NAK on the first version of the patch. New patch was sent.
diff --git a/src/openvpn/route.c b/src/openvpn/route.c index b57da5dd..7f760e9d 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -3436,7 +3436,7 @@ struct rtmsg { #else /* if defined(TARGET_SOLARIS) */ #define NEXTADDR(w, u) \ if (rtm_addrs & (w)) { \ - l = ROUNDUP( ((struct sockaddr *)&(u))->sa_len); memmove(cp, &(u), l); cp += l; \ + l = ((struct sockaddr *)&(u))->sa_len; memmove(cp, &(u), l); cp += ROUNDUP(l); \ } #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) @@ -3727,6 +3727,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, msg(M_WARN, "GDG6: socket #1 failed"); goto done; } + errno = 0; if (write(sockfd, (char *)&m_rtmsg, l) < 0) { msg(M_WARN, "GDG6: problem writing to routing socket");
copy first, then round up the length when adding padding to the advance. Found by: GCC 9.3.0 (FreeBSD) Signed-off-by: Matthias Andree <matthias.andree@gmx.de> --- src/openvpn/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.25.4