Browse code
Fix stack buffer overruns in NEXTADDR() macro:
copy first, then round up the length when adding padding
to the advance.
Found by: GCC 9.3.0 (FreeBSD)
Signed-off-by: Matthias Andree <matthias.andree@gmx.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200717171818.230371-1-matthias.andree@gmx.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20461.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Matthias Andree authored on 2020/07/18 02:18:18Showing 1 changed files
| ... | ... |
@@ -3436,7 +3436,7 @@ struct rtmsg {
|
| 3436 | 3436 |
#else /* if defined(TARGET_SOLARIS) */ |
| 3437 | 3437 |
#define NEXTADDR(w, u) \ |
| 3438 | 3438 |
if (rtm_addrs & (w)) { \
|
| 3439 |
- l = ROUNDUP( ((struct sockaddr *)&(u))->sa_len); memmove(cp, &(u), l); cp += l; \ |
|
| 3439 |
+ l = ((struct sockaddr *)&(u))->sa_len; memmove(cp, &(u), l); cp += ROUNDUP(l); \ |
|
| 3440 | 3440 |
} |
| 3441 | 3441 |
|
| 3442 | 3442 |
#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) |