Hi,
in src/usr.sbin/smtpd/mta_session.c 1.124 two bugs are introduced:
- getsockname/getpeername are passed a struct sockaddr, too small
to hold an IPv6 address.
- sa_len is uninitialized.
Detected thanks to -fstack-protector on Void Linux,
which killed it immediately after connecting to the MTA.
This patch fixes both issues:
--- a/smtpd/mta_session.c
+++ b/smtpd/mta_session.c
@@ -1811,21 +1811,25 @@ mta_filter_end(struct mta_session *s)
static void
mta_connected(struct mta_session *s)
{
- struct sockaddr sa_src;
- struct sockaddr sa_dest;
+ struct sockaddr_storage sa_src;
+ struct sockaddr_storage sa_dest;
int sa_len;
log_info("%016"PRIx64" mta connected", s->id);
- if (getsockname(io_fileno(s->io), &sa_src, &sa_len) == -1)
+ sa_len = sizeof sa_src;
+ if (getsockname(io_fileno(s->io),
+ (struct sockaddr *)&sa_src, &sa_len) == -1)
bzero(&sa_src, sizeof sa_src);
- if (getpeername(io_fileno(s->io), &sa_dest, &sa_len) == -1)
+ sa_len = sizeof sa_dest;
+ if (getpeername(io_fileno(s->io),
+ (struct sockaddr *)&sa_dest, &sa_len) == -1)
bzero(&sa_dest, sizeof sa_dest);
mta_report_link_connect(s,
s->route->dst->ptrname, 1,
- (struct sockaddr_storage *)&sa_src,
- (struct sockaddr_storage *)&sa_dest);
+ &sa_src,
+ &sa_dest);
}
static void
Cheers,
--
Leah Neukirchen <[email protected]> https://leahneukirchen.org/
