aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Sperling <ssperling@sysmocom.de>2018-11-22 08:36:35 +0100
committerHarald Welte <laforge@gnumonks.org>2018-11-22 14:12:40 +0000
commitb0b9c2828431d5c3266c59aec484c1e0b37c6496 (patch)
treec21b7db00371e168a5f58f980b9badbad7ef6829
parent3730c550cdde89a0c835bd13931480dde2cd8de0 (diff)
properly store IPv6 addresses in struct tun_t
All addresses in struct tun_t were stored as an in_addr. But IPv6 addresses need an in6_addr, so switch tun_t addresses to the in64_addr wrapper struct. This is an ABI break, as documented in TODO-RELEASE. Fixes an out of bounds memcpy() identified by Coverity. Change-Id: Idd2431ad25d7fa182e52e2bd5231ceb04d427c34 Related: CID#174278
-rw-r--r--TODO-RELEASE1
-rw-r--r--lib/tun.c22
-rw-r--r--lib/tun.h4
3 files changed, 17 insertions, 10 deletions
diff --git a/TODO-RELEASE b/TODO-RELEASE
index d0852fc..bbad169 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -7,3 +7,4 @@
# If any interfaces have been added since the last public release: c:r:a + 1.
# If any interfaces have been removed or changed since the last public release: c:r:0.
#library what description / commit summary line
+libmisc tun_t tun_t structure has grown due to switch from in_addr to in46_addr (g#11870)
diff --git a/lib/tun.c b/lib/tun.c
index 6ae006b..1aeed55 100644
--- a/lib/tun.c
+++ b/lib/tun.c
@@ -68,10 +68,14 @@ static int tun_setaddr4(struct tun_t *this, struct in_addr *addr,
if (rc < 0)
return rc;
- if (addr)
- this->addr.s_addr = addr->s_addr;
- if (dstaddr)
- this->dstaddr.s_addr = dstaddr->s_addr;
+ if (addr) {
+ this->addr.len = sizeof(struct in_addr);
+ this->addr.v4.s_addr = addr->s_addr;
+ }
+ if (dstaddr) {
+ this->dstaddr.len = sizeof(struct in_addr);
+ this->dstaddr.v4.s_addr = dstaddr->s_addr;
+ }
if (netmask)
this->netmask.s_addr = netmask->s_addr;
this->addrs++;
@@ -89,8 +93,10 @@ static int tun_setaddr6(struct tun_t *this, struct in6_addr *addr, struct in6_ad
rc = netdev_setaddr6(this->devname, addr, dstaddr, prefixlen);
if (rc < 0)
return rc;
- if (dstaddr)
- memcpy(&this->dstaddr, dstaddr, sizeof(*dstaddr));
+ if (dstaddr) {
+ this->dstaddr.len = sizeof(*dstaddr);
+ memcpy(&this->dstaddr.v6, dstaddr, sizeof(*dstaddr));
+ }
this->addrs++;
#if defined(__FreeBSD__) || defined (__APPLE__)
this->routes = 1;
@@ -270,7 +276,7 @@ int tun_free(struct tun_t *tun)
{
if (tun->routes) {
- netdev_delroute(&tun->dstaddr, &tun->addr, &tun->netmask);
+ netdev_delroute(&tun->dstaddr.v4, &tun->addr.v4, &tun->netmask);
}
if (tun->fd >= 0) {
@@ -323,7 +329,7 @@ int tun_runscript(struct tun_t *tun, char *script)
char smask[TUN_ADDRSIZE];
int rc;
- strncpy(snet, inet_ntoa(tun->addr), sizeof(snet));
+ strncpy(snet, inet_ntoa(tun->addr.v4), sizeof(snet));
snet[sizeof(snet) - 1] = 0;
strncpy(smask, inet_ntoa(tun->netmask), sizeof(smask));
smask[sizeof(smask) - 1] = 0;
diff --git a/lib/tun.h b/lib/tun.h
index 6bf141f..07ca04a 100644
--- a/lib/tun.h
+++ b/lib/tun.h
@@ -31,8 +31,8 @@
struct tun_t {
int fd; /* File descriptor to tun interface */
- struct in_addr addr;
- struct in_addr dstaddr;
+ struct in46_addr addr;
+ struct in46_addr dstaddr;
struct in_addr netmask;
int addrs; /* Number of allocated IP addresses */
int routes; /* One if we allocated an automatic route */