Ticket #1303: 0001-Fix-stack-buffer-overruns-in-NEXTADDR-macro.patch

File 0001-Fix-stack-buffer-overruns-in-NEXTADDR-macro.patch, 988 bytes (added by mandree, 6 months ago)

attempt to fix this bug by copying only the unrounded length of data before rounding up the skip pointer

  • src/openvpn/route.c

    From a753097211ff01147ac10f2d48e56fdb18155066 Mon Sep 17 00:00:00 2001
    From: Matthias Andree <matthias.andree@gmx.de>
    Date: Fri, 17 Jul 2020 19:05:58 +0200
    Subject: [PATCH] Fix stack buffer overruns in NEXTADDR() macro:
    
    copy first, then round up the length when adding padding
    to the advance.
    
    Found by: GCC 9.3.0 (FreeBSD)
    
    Signed-off-by: Matthias Andree <matthias.andree@gmx.de>
    ---
     src/openvpn/route.c | 2 +-
     1 file changed, 1 insertion(+), 1 deletion(-)
    
    diff --git a/src/openvpn/route.c b/src/openvpn/route.c
    index b57da5dd..24563ed6 100644
    a b struct rtmsg { 
    34363436#else  /* if defined(TARGET_SOLARIS) */
    34373437#define NEXTADDR(w, u) \
    34383438    if (rtm_addrs & (w)) { \
    3439         l = ROUNDUP( ((struct sockaddr *)&(u))->sa_len); memmove(cp, &(u), l); cp += l; \
     3439        l = ((struct sockaddr *)&(u))->sa_len; memmove(cp, &(u), l); cp += ROUNDUP(l); \
    34403440    }
    34413441
    34423442#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))