Hi,
Struct sockaddr_in and sockaddr_in6 should always be initialized
to zero. Most of the kernel does this already; this diff fixes all
other places where sin_family is assigned. Do not pass around
pointers to uninitialized stack memory.
There are some global route variables, I think the padding fields
are always zero and do not change. I did not touch them.
While there, the call to in6_recoverscope() in fill_drlist() looked
very broken.
I preferred memset() over bzero(), but if a source file was only
using the latter, I kept that.
ok?
bluhm
Index: net/pipex.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/pipex.c,v
retrieving revision 1.72
diff -u -p -r1.72 pipex.c
--- net/pipex.c 16 Jul 2015 16:12:15 -0000 1.72
+++ net/pipex.c 19 Aug 2015 19:02:39 -0000
@@ -1736,12 +1736,14 @@ drop:
struct pipex_session *
pipex_pptp_userland_lookup_session_ipv4(struct mbuf *m0, struct in_addr dst)
{
- struct sockaddr_in sin4;
+ struct sockaddr_in sin;
- sin4.sin_family = AF_INET;
- sin4.sin_addr = dst;
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_len = sizeof(sin);
+ sin.sin_family = AF_INET;
+ sin.sin_addr = dst;
- return pipex_pptp_userland_lookup_session(m0, (struct sockaddr *)&sin4);
+ return pipex_pptp_userland_lookup_session(m0, sintosa(&sin));
}
#ifdef INET6
@@ -1750,10 +1752,12 @@ pipex_pptp_userland_lookup_session_ipv6(
{
struct sockaddr_in6 sin6;
+ memset(&sin6, 0, sizeof(sin6));
+ sin6.sin6_len = sizeof(sin6);
sin6.sin6_family = AF_INET6;
in6_recoverscope(&sin6, &dst, NULL);
- return pipex_pptp_userland_lookup_session(m0, (struct sockaddr *)&sin6);
+ return pipex_pptp_userland_lookup_session(m0, sin6tosa(&sin6));
}
#endif
@@ -2168,12 +2172,14 @@ drop:
struct pipex_session *
pipex_l2tp_userland_lookup_session_ipv4(struct mbuf *m0, struct in_addr dst)
{
- struct sockaddr_in sin4;
+ struct sockaddr_in sin;
- sin4.sin_family = AF_INET;
- sin4.sin_addr = dst;
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_len = sizeof(sin);
+ sin.sin_family = AF_INET;
+ sin.sin_addr = dst;
- return pipex_l2tp_userland_lookup_session(m0, (struct sockaddr *)&sin4);
+ return pipex_l2tp_userland_lookup_session(m0, sintosa(&sin));
}
#ifdef INET6
@@ -2182,10 +2188,12 @@ pipex_l2tp_userland_lookup_session_ipv6(
{
struct sockaddr_in6 sin6;
+ memset(&sin6, 0, sizeof(sin6));
+ sin6.sin6_len = sizeof(sin6);
sin6.sin6_family = AF_INET6;
in6_recoverscope(&sin6, &dst, NULL);
- return pipex_l2tp_userland_lookup_session(m0, (struct sockaddr *)&sin6);
+ return pipex_l2tp_userland_lookup_session(m0, sin6tosa(&sin6));
}
#endif
Index: netinet/in.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/in.c,v
retrieving revision 1.120
diff -u -p -r1.120 in.c
--- netinet/in.c 8 Jul 2015 07:56:51 -0000 1.120
+++ netinet/in.c 19 Aug 2015 19:18:55 -0000
@@ -809,7 +809,7 @@ in_addmulti(struct in_addr *ap, struct i
* New address; allocate a new multicast record
* and link it into the interface's multicast list.
*/
- inm = malloc(sizeof(*inm), M_IPMADDR, M_NOWAIT);
+ inm = malloc(sizeof(*inm), M_IPMADDR, M_NOWAIT | M_ZERO);
if (inm == NULL)
return (NULL);
@@ -824,6 +824,7 @@ in_addmulti(struct in_addr *ap, struct i
* Ask the network driver to update its multicast reception
* filter appropriately for the new address.
*/
+ memset(&ifr, 0, sizeof(ifr));
memcpy(&ifr.ifr_addr, &inm->inm_sin, sizeof(inm->inm_sin));
if ((*ifp->if_ioctl)(ifp, SIOCADDMULTI,(caddr_t)&ifr) != 0) {
free(inm, M_IPMADDR, sizeof(*inm));
@@ -867,6 +868,7 @@ in_delmulti(struct in_multi *inm)
* reception filter.
*/
if (ifp != NULL) {
+ memset(&ifr, 0, sizeof(ifr));
satosin(&ifr.ifr_addr)->sin_len =
sizeof(struct sockaddr_in);
satosin(&ifr.ifr_addr)->sin_family = AF_INET;
Index: netinet/ip_mroute.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_mroute.c,v
retrieving revision 1.79
diff -u -p -r1.79 ip_mroute.c
--- netinet/ip_mroute.c 15 Jul 2015 17:55:08 -0000 1.79
+++ netinet/ip_mroute.c 19 Aug 2015 19:25:51 -0000
@@ -889,6 +889,7 @@ add_vif(struct mbuf *m)
return (EOPNOTSUPP);
/* Enable promiscuous reception of all IP multicasts. */
+ memset(&ifr, 0, sizeof(ifr));
satosin(&ifr.ifr_addr)->sin_len = sizeof(struct sockaddr_in);
satosin(&ifr.ifr_addr)->sin_family = AF_INET;
satosin(&ifr.ifr_addr)->sin_addr = zeroin_addr;
@@ -943,6 +944,7 @@ reset_vif(struct vif *vifp)
reg_vif_num = VIFI_INVALID;
#endif
} else {
+ memset(&ifr, 0, sizeof(ifr));
satosin(&ifr.ifr_addr)->sin_len = sizeof(struct sockaddr_in);
satosin(&ifr.ifr_addr)->sin_family = AF_INET;
satosin(&ifr.ifr_addr)->sin_addr = zeroin_addr;
Index: netinet6/in6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/in6.c,v
retrieving revision 1.165
diff -u -p -r1.165 in6.c
--- netinet6/in6.c 19 Aug 2015 13:27:38 -0000 1.165
+++ netinet6/in6.c 19 Aug 2015 19:02:39 -0000
@@ -868,7 +868,7 @@ in6_update_ifa(struct ifnet *ifp, struct
* join interface-local all-nodes address.
* (ff01::1%ifN, and ff01::%ifN/32)
*/
- bzero(&mltaddr.sin6_addr, sizeof(mltaddr.sin6_addr));
+ bzero(&mltaddr, sizeof(mltaddr));
mltaddr.sin6_len = sizeof(struct sockaddr_in6);
mltaddr.sin6_family = AF_INET6;
mltaddr.sin6_addr = in6addr_intfacelocal_allnodes;
@@ -1346,7 +1346,7 @@ in6_addmulti(struct in6_addr *maddr6, st
* New address; allocate a new multicast record
* and link it into the interface's multicast list.
*/
- in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT);
+ in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT | M_ZERO);
if (in6m == NULL) {
*errorp = ENOBUFS;
return (NULL);
Index: netinet6/ip6_mroute.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_mroute.c,v
retrieving revision 1.86
diff -u -p -r1.86 ip6_mroute.c
--- netinet6/ip6_mroute.c 15 Jul 2015 17:56:05 -0000 1.86
+++ netinet6/ip6_mroute.c 19 Aug 2015 19:02:39 -0000
@@ -557,6 +557,7 @@ ip6_mrouter_done(void)
for (mifi = 0; mifi < nummifs; mifi++) {
if (mif6table[mifi].m6_ifp &&
!(mif6table[mifi].m6_flags & MIFF_REGISTER)) {
+ memset(&ifr, 0, sizeof(ifr));
ifr.ifr_addr.sin6_family = AF_INET6;
ifr.ifr_addr.sin6_addr= in6addr_any;
ifp = mif6table[mifi].m6_ifp;
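Review bot: After the added memset, ifr.ifr_addr.sin6_len stays zero: the two lines below set sin6_family and sin6_addr but no length, whereas the IPv4 counterparts in this same diff (in_delmulti in in.c, add_vif and reset_vif in ip_mroute.c) set sin_len explicitly. Adding `ifr.ifr_addr.sin6_len = sizeof(struct sockaddr_in6);` next to the sin6_family assignment would hand the driver a fully formed sockaddr; whether any if_ioctl handler reading this ifr actually inspects sa_len cannot be told from the hunk. The add_m6if and del_m6if hunks below in this file have the same shape. ip6_mrouter_done's body continues outside the hunk.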
@@ -695,6 +696,7 @@ add_m6if(struct mif6ctl *mifcp)
* Enable promiscuous reception of all IPv6 multicasts
* from the interface.
*/
+ memset(&ifr, 0, sizeof(ifr));
ifr.ifr_addr.sin6_family = AF_INET6;
ifr.ifr_addr.sin6_addr = in6addr_any;
error = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr);
@@ -760,6 +762,7 @@ del_m6if(mifi_t *mifip)
*/
ifp = mifp->m6_ifp;
+ memset(&ifr, 0, sizeof(ifr));
ifr.ifr_addr.sin6_family = AF_INET6;
ifr.ifr_addr.sin6_addr = in6addr_any;
(*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr);
Index: netinet6/nd6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.145
diff -u -p -r1.145 nd6.c
--- netinet6/nd6.c 19 Aug 2015 13:27:38 -0000 1.145
+++ netinet6/nd6.c 19 Aug 2015 19:02:39 -0000
@@ -1834,9 +1834,7 @@ fill_drlist(void *oldp, size_t *oldlenp,
bzero(d, sizeof(*d));
d->rtaddr.sin6_family = AF_INET6;
d->rtaddr.sin6_len = sizeof(struct sockaddr_in6);
- d->rtaddr.sin6_addr = dr->rtaddr;
- in6_recoverscope(&d->rtaddr, &d->rtaddr.sin6_addr,
- dr->ifp);
+ in6_recoverscope(&d->rtaddr, &dr->rtaddr, dr->ifp);
d->flags = dr->flags;
d->rtlifetime = dr->rtlifetime;
d->expire = dr->expire;
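Review bot: The rewritten in6_recoverscope() call still discards its int status, so a default router whose embedded scope id does not agree with dr->ifp is copied out to userland with whatever the function left in d->rtaddr, and nothing in this sysctl path records that scope recovery failed. If ignoring the result is intended, a one-line comment such as `/* failed scope recovery leaves rtaddr as copied; tolerated for sysctl output */` would make that explicit; otherwise the return value should be checked. The fill_prlist hunk below has the same unchecked call. fill_drlist starts and ends outside the hunk.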
@@ -1927,9 +1925,9 @@ fill_prlist(void *oldp, size_t *oldlenp,
continue;
}
s6 = &sin6[advrtrs];
+ bzero(s6, sizeof(*s6));
s6->sin6_family = AF_INET6;
s6->sin6_len = sizeof(struct sockaddr_in6);
- s6->sin6_addr = pfr->router->rtaddr;
in6_recoverscope(s6, &pfr->router->rtaddr,
pfr->router->ifp);
advrtrs++;
Index: nfs/krpc_subr.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/nfs/krpc_subr.c,v
retrieving revision 1.28
diff -u -p -r1.28 krpc_subr.c
--- nfs/krpc_subr.c 15 Jul 2015 22:16:42 -0000 1.28
+++ nfs/krpc_subr.c 19 Aug 2015 19:32:32 -0000
@@ -270,7 +270,8 @@ krpc_call(struct sockaddr_in *sa, u_int
MGET(m, M_WAIT, MT_SONAME);
sin = mtod(m, struct sockaddr_in *);
- sin->sin_len = m->m_len = sizeof (struct sockaddr_in);
+ memset(sin, 0, sizeof(*sin));
+ sin->sin_len = m->m_len = sizeof(struct sockaddr_in);
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = INADDR_ANY;
sin->sin_port = htons(0);
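Review bot: The two new lines measure the same object in two ways, `sizeof(*sin)` on the memset line and `sizeof(struct sockaddr_in)` on the line right after it; using one form, e.g. `sin->sin_len = m->m_len = sizeof(*sin);`, keeps the zeroed size and the advertised length visibly in step. The nfs_connect hunk in nfs_socket.c repeats the same pair. krpc_call's body continues outside the hunk.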
Index: nfs/nfs_socket.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/nfs/nfs_socket.c,v
retrieving revision 1.110
diff -u -p -r1.110 nfs_socket.c
--- nfs/nfs_socket.c 15 Jul 2015 22:16:42 -0000 1.110
+++ nfs/nfs_socket.c 19 Aug 2015 19:34:28 -0000
@@ -258,7 +258,8 @@ nfs_connect(struct nfsmount *nmp, struct
MGET(m, M_WAIT, MT_SONAME);
sin = mtod(m, struct sockaddr_in *);
- sin->sin_len = m->m_len = sizeof (struct sockaddr_in);
+ memset(sin, 0, sizeof(*sin));
+ sin->sin_len = m->m_len = sizeof(struct sockaddr_in);
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = INADDR_ANY;
sin->sin_port = htons(0);