The branch stable/13 has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=94cea2fc07611a2f74641b4cac8c4d245826f5f7

commit 94cea2fc07611a2f74641b4cac8c4d245826f5f7
Author:     Kurosawa Takahiro <[email protected]>
AuthorDate: 2022-05-13 17:58:11 +0000
Commit:     Kristof Provost <[email protected]>
CommitDate: 2022-05-25 08:13:34 +0000

    rtsock: fix a stack overflow
    
    struct sockaddr is not sufficient for buffer that can hold any
    sockaddr_* structure. struct sockaddr_storage should be used.
    
    Test:
    ifconfig epair create
    ifconfig epair0a inet6 add 2001:db8::1 up
    ndp -s 2001:db8::2 02:86:98:2e:96:0b proxy # this triggers kernel stack overflow
    
    Reviewed by:    markj, kp
    Differential Revision:  https://reviews.freebsd.org/D35188
    
    (cherry picked from commit 9573cc35555eb0da35da5712462de9f6107fb974)
---
 sys/net/rtsock.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 1f898c739725..5f386a2142f6 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -788,7 +788,7 @@ handle_rtm_get(struct rt_addrinfo *info, u_int fibnum,
         * TODO: move this logic to userland.
         */
        if (rtm->rtm_flags & RTF_ANNOUNCE) {
-               struct sockaddr laddr;
+               struct sockaddr_storage laddr;
 
                if (nh->nh_ifp != NULL &&
                    nh->nh_ifp->if_type == IFT_PROPVIRTUAL) {
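Review bot: The new `struct sockaddr_storage laddr;` declaration that replaces `struct sockaddr laddr;` carries no hint of why the larger type is required, so a later cleanup could shrink it back to `struct sockaddr` and silently reintroduce the overflow this commit fixes. A short comment on the declaration would pin the invariant: `/* sockaddr_storage, not sockaddr: the address copied into laddr below can be larger than struct sockaddr (IPv6 is), so the buffer must fit any family. */`. The fix itself looks right for the code visible here. handle_rtm_get() begins and ends outside the hunk.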
@@ -798,17 +798,17 @@ handle_rtm_get(struct rt_addrinfo *info, u_int fibnum,
                                        RT_ALL_FIBS);
                        if (ifa != NULL)
                                rt_maskedcopy(ifa->ifa_addr,
-                                             &laddr,
+                                             (struct sockaddr *)&laddr,
                                              ifa->ifa_netmask);
                } else
                        rt_maskedcopy(nh->nh_ifa->ifa_addr,
-                                     &laddr,
+                                     (struct sockaddr *)&laddr,
                                      nh->nh_ifa->ifa_netmask);
                /* 
                 * refactor rt and no lock operation necessary
                 */
-               rc->rc_rt = (struct rtentry *)rnh->rnh_matchaddr(&laddr,
-                   &rnh->head);
+               rc->rc_rt = (struct rtentry *)rnh->rnh_matchaddr(
+                   (struct sockaddr *)&laddr, &rnh->head);
                if (rc->rc_rt == NULL) {
                        RIB_RUNLOCK(rnh);
                        return (ESRCH);
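Review bot: The same `(struct sockaddr *)&laddr` cast now appears three times in this hunk, in both rt_maskedcopy() calls and in the rnh_matchaddr() call, which makes the code harder to scan than it was before the fix. Declaring the pointer once next to the buffer, `struct sockaddr *laddrp = (struct sockaddr *)&laddr;` (the declaration lives in the previous hunk), and passing `laddrp` in the three calls keeps the cast in one place. The bound the new buffer relies on is whatever rt_maskedcopy() copies from ifa_addr; that routine is outside the hunk, so whether the copy is limited by the destination size or only by the source's sa_len cannot be confirmed here, though kernel-owned ifa addresses are expected to fit struct sockaddr_storage. handle_rtm_get() begins and ends outside the hunk.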
