>I think the best way to handle it, is to make the kernel strict and >fix userland. If the kernel would allow the sloppiest userland >program to succeed, creating security would be hard. > >So patching dhcpcd is the right approach. Thanks for finding.
I disagree. I think the new kernel test is invalid.
>OK bluhm@
>
>> Index: Makefile
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> RCS file: /cvs/ports/net/dhcpcd/Makefile,v
>> retrieving revision 1.63
>> diff -u -p -r1.63 Makefile
>> --- Makefile 13 Nov 2019 12:18:09 -0000 1.63
>> +++ Makefile 17 Nov 2019 14:15:33 -0000
>> @@ -3,6 +3,7 @@
>> COMMENT=3D DHCPv4/IPv4LL/IPv6RS/DHCPv6 quad stack client
>>
>> DISTNAME=3D dhcpcd-8.1.2
>> +REVISION=3D 0
>>
>> CATEGORIES=3D net
>> EXTRACT_SUFX=3D .tar.xz
>> Index: patches/patch-src_if-bsd_c
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> RCS file: patches/patch-src_if-bsd_c
>> diff -N patches/patch-src_if-bsd_c
>> --- /dev/null 1 Jan 1970 00:00:00 -0000
>> +++ patches/patch-src_if-bsd_c 17 Nov 2019 14:15:33 -0000
>> @@ -0,0 +1,13 @@
>> +$OpenBSD$
>> +
>> +Index: src/if-bsd.c
>> +--- src/if-bsd.c.orig
>> ++++ src/if-bsd.c
>> +@@ -1043,6 +1043,7 @@ if_addrflags6(const struct interface *ifp, const =
>struc
>> + strlcpy(ifr6.ifr_name, ifp->name, sizeof(ifr6.ifr_name));
>> + ifr6.ifr_addr.sin6_family =3D AF_INET6;
>> + ifr6.ifr_addr.sin6_addr =3D *addr;
>> ++ ifr6.ifr_addr.sin6_len =3D sizeof(ifr6.ifr_addr);
>> + ifa_setscope(&ifr6.ifr_addr, ifp->index);
>> + priv =3D (struct priv *)ifp->ctx->priv;
>> + if (ioctl(priv->pf_inet6_fd, SIOCGIFAFLAG_IN6, &ifr6) !=3D -1)
>
>
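Review bot: The added `ifr6.ifr_addr.sin6_len = sizeof(ifr6.ifr_addr);` in if_addrflags6() covers only the SIOCGIFAFLAG_IN6 request. Any other place in src/if-bsd.c that fills a `struct sockaddr_in6` by hand before an ioctl would presumably fail the same stricter kernel check discussed in this thread, so those should be audited in the same patch. The function begins and ends outside the hunk, so it is not visible whether `ifr6` is zeroed first; confirm a `memset(&ifr6, 0, sizeof(ifr6));` precedes these assignments so that no uninitialized stack bytes are handed to the kernel. A short comment above the new line, for example `/* kernel checks sin6_len on sockaddrs passed via ioctl */` (wording to be confirmed against the kernel change), would keep the assignment from being dropped as redundant later.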
