From b0b9c2828431d5c3266c59aec484c1e0b37c6496 Mon Sep 17 00:00:00 2001
From: Stefan Sperling <ssperling@sysmocom.de>
Date: Thu, 22 Nov 2018 08:36:35 +0100
Subject: properly store IPv6 addresses in struct tun_t

All addresses in struct tun_t were stored as an in_addr.
But IPv6 addresses need an in6_addr, so switch tun_t addresses
to the in64_addr wrapper struct.

This is an ABI break, as documented in TODO-RELEASE.

Fixes an out of bounds memcpy() identified by Coverity.

Change-Id: Idd2431ad25d7fa182e52e2bd5231ceb04d427c34
Related: CID#174278
---
 TODO-RELEASE |  1 +
 lib/tun.c    | 22 ++++++++++++++--------
 lib/tun.h    |  4 ++--
 3 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/TODO-RELEASE b/TODO-RELEASE
index d0852fc..bbad169 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -7,3 +7,4 @@
 # If any interfaces have been added since the last public release: c:r:a + 1.
 # If any interfaces have been removed or changed since the last public release: c:r:0.
 #library	what		description / commit summary line
+libmisc		tun_t		tun_t structure has grown due to switch from in_addr to in46_addr (g#11870)
diff --git a/lib/tun.c b/lib/tun.c
index 6ae006b..1aeed55 100644
--- a/lib/tun.c
+++ b/lib/tun.c
@@ -68,10 +68,14 @@ static int tun_setaddr4(struct tun_t *this, struct in_addr *addr,
 	if (rc < 0)
 		return rc;
 
-	if (addr)
-		this->addr.s_addr = addr->s_addr;
-	if (dstaddr)
-		this->dstaddr.s_addr = dstaddr->s_addr;
+	if (addr) {
+		this->addr.len = sizeof(struct in_addr);
+		this->addr.v4.s_addr = addr->s_addr;
+	}
+	if (dstaddr) {
+		this->dstaddr.len = sizeof(struct in_addr);
+		this->dstaddr.v4.s_addr = dstaddr->s_addr;
+	}
 	if (netmask)
 		this->netmask.s_addr = netmask->s_addr;
 	this->addrs++;
@@ -89,8 +93,10 @@ static int tun_setaddr6(struct tun_t *this, struct in6_addr *addr, struct in6_ad
 	rc = netdev_setaddr6(this->devname, addr, dstaddr, prefixlen);
 	if (rc < 0)
 		return rc;
-	if (dstaddr)
-		memcpy(&this->dstaddr, dstaddr, sizeof(*dstaddr));
+	if (dstaddr) {
+		this->dstaddr.len = sizeof(*dstaddr);
+		memcpy(&this->dstaddr.v6, dstaddr, sizeof(*dstaddr));
+	}
 	this->addrs++;
 #if defined(__FreeBSD__) || defined (__APPLE__)
 	this->routes = 1;
@@ -270,7 +276,7 @@ int tun_free(struct tun_t *tun)
 {
 
 	if (tun->routes) {
-		netdev_delroute(&tun->dstaddr, &tun->addr, &tun->netmask);
+		netdev_delroute(&tun->dstaddr.v4, &tun->addr.v4, &tun->netmask);
 	}
 
 	if (tun->fd >= 0) {
@@ -323,7 +329,7 @@ int tun_runscript(struct tun_t *tun, char *script)
 	char smask[TUN_ADDRSIZE];
 	int rc;
 
-	strncpy(snet, inet_ntoa(tun->addr), sizeof(snet));
+	strncpy(snet, inet_ntoa(tun->addr.v4), sizeof(snet));
 	snet[sizeof(snet) - 1] = 0;
 	strncpy(smask, inet_ntoa(tun->netmask), sizeof(smask));
 	smask[sizeof(smask) - 1] = 0;
diff --git a/lib/tun.h b/lib/tun.h
index 6bf141f..07ca04a 100644
--- a/lib/tun.h
+++ b/lib/tun.h
@@ -31,8 +31,8 @@
 
 struct tun_t {
 	int fd;			/* File descriptor to tun interface */
-	struct in_addr addr;
-	struct in_addr dstaddr;
+	struct in46_addr addr;
+	struct in46_addr dstaddr;
 	struct in_addr netmask;
 	int addrs;		/* Number of allocated IP addresses */
 	int routes;		/* One if we allocated an automatic route */
-- 
cgit v1.2.3