From a753097211ff01147ac10f2d48e56fdb18155066 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Fri, 17 Jul 2020 19:05:58 +0200
Subject: [PATCH] Fix stack buffer overruns in NEXTADDR() macro:
copy first, then round up the length when adding padding
to the advance.
Found by: GCC 9.3.0 (FreeBSD)
Signed-off-by: Matthias Andree <matthias.andree@gmx.de>
---
src/openvpn/route.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
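diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index b57da5dd..24563ed6 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3436,7 +3436,7 @@ struct rtmsg {
 #else /* if defined(TARGET_SOLARIS) */
 #define NEXTADDR(w, u) \
 if (rtm_addrs & (w)) { \
-l = ROUNDUP( ((struct sockaddr *)&(u))->sa_len); memmove(cp, &(u), l); cp += l; \
+l = ((struct sockaddr *)&(u))->sa_len; memmove(cp, &(u), l); cp += ROUNDUP(l); \
 }
 
 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))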
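Review bot: On the new NEXTADDR line the copy length still comes only from `sa_len`, so nothing ties `l` to the size of the source object `u` or to the room left behind `cp`; a wrong or oversized `sa_len` would still read past `u` and write past the message buffer. A cheap guard is to clamp before the copy, e.g. `if (l > sizeof(u)) l = sizeof(u);`, and to check the remaining destination space where the macro is expanded. Separately, the bytes between `l` and `ROUNDUP(l)` are now skipped instead of written, so they keep whatever the destination already held; that is only safe if the message buffer is zeroed before the NEXTADDR calls, which cannot be confirmed from this hunk. The declarations of `l`, `cp` and `rtm_addrs`, and the ROUNDUP definition, lie outside the hunk.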