<p>Harald Welte <strong>merged</strong> this change.</p><p><a href="https://gerrit.osmocom.org/11871">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">properly store IPv6 addresses in struct tun_t<br><br>All addresses in struct tun_t were stored as an in_addr.<br>But IPv6 addresses need an in6_addr, so switch tun_t addresses<br>to the in64_addr wrapper struct.<br><br>This is an ABI break, as documented in TODO-RELEASE.<br><br>Fixes an out of bounds memcpy() identified by Coverity.<br><br>Change-Id: Idd2431ad25d7fa182e52e2bd5231ceb04d427c34<br>Related: CID#174278<br>---<br>M TODO-RELEASE<br>M lib/tun.c<br>M lib/tun.h<br>3 files changed, 17 insertions(+), 10 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/TODO-RELEASE b/TODO-RELEASE</span><br><span>index d0852fc..bbad169 100644</span><br><span>--- a/TODO-RELEASE</span><br><span>+++ b/TODO-RELEASE</span><br><span>@@ -7,3 +7,4 @@</span><br><span> # If any interfaces have been added since the last public release: c:r:a + 1.</span><br><span> # If any interfaces have been removed or changed since the last public release: c:r:0.</span><br><span> #library   what            description / commit summary line</span><br><span style="color: hsl(120, 100%, 40%);">+libmisc              tun_t           tun_t structure has grown due to switch from in_addr to in46_addr (g#11870)</span><br><span>diff --git a/lib/tun.c b/lib/tun.c</span><br><span>index 6ae006b..1aeed55 100644</span><br><span>--- a/lib/tun.c</span><br><span>+++ b/lib/tun.c</span><br><span>@@ -68,10 +68,14 @@</span><br><span>   if (rc < 0)</span><br><span>               return rc;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-  if (addr)</span><br><span style="color: hsl(0, 100%, 40%);">-               this->addr.s_addr = addr->s_addr;</span><br><span style="color: hsl(0, 100%, 40%);">- if (dstaddr)</span><br><span style="color: hsl(0, 100%, 40%);">-            this->dstaddr.s_addr = dstaddr->s_addr;</span><br><span style="color: hsl(120, 100%, 40%);">+ if (addr) {</span><br><span style="color: hsl(120, 100%, 40%);">+           this->addr.len = sizeof(struct in_addr);</span><br><span style="color: hsl(120, 100%, 40%);">+           this->addr.v4.s_addr = addr->s_addr;</span><br><span style="color: hsl(120, 100%, 40%);">+    }</span><br><span style="color: hsl(120, 100%, 40%);">+     if (dstaddr) {</span><br><span style="color: hsl(120, 100%, 40%);">+                this->dstaddr.len = sizeof(struct in_addr);</span><br><span style="color: hsl(120, 100%, 40%);">+                this->dstaddr.v4.s_addr = dstaddr->s_addr;</span><br><span style="color: hsl(120, 100%, 40%);">+      }</span><br><span>    if (netmask)</span><br><span>                 this->netmask.s_addr = netmask->s_addr;</span><br><span>        this->addrs++;</span><br><span>@@ -89,8 +93,10 @@</span><br><span>       rc = netdev_setaddr6(this->devname, addr, dstaddr, prefixlen);</span><br><span>    if (rc < 0)</span><br><span>               return rc;</span><br><span style="color: hsl(0, 100%, 40%);">-      if (dstaddr)</span><br><span style="color: hsl(0, 100%, 40%);">-            memcpy(&this->dstaddr, dstaddr, sizeof(*dstaddr));</span><br><span style="color: hsl(120, 100%, 40%);">+     if (dstaddr) {</span><br><span style="color: hsl(120, 100%, 40%);">+                this->dstaddr.len = sizeof(*dstaddr);</span><br><span style="color: hsl(120, 100%, 40%);">+              memcpy(&this->dstaddr.v6, dstaddr, sizeof(*dstaddr));</span><br><span style="color: hsl(120, 100%, 40%);">+  }</span><br><span>    this->addrs++;</span><br><span> #if defined(__FreeBSD__) || defined (__APPLE__)</span><br><span>         this->routes = 1;</span><br><span>@@ -270,7 +276,7 @@</span><br><span> {</span><br><span> </span><br><span>  if (tun->routes) {</span><br><span style="color: hsl(0, 100%, 40%);">-           netdev_delroute(&tun->dstaddr, &tun->addr, &tun->netmask);</span><br><span style="color: hsl(120, 100%, 40%);">+               netdev_delroute(&tun->dstaddr.v4, &tun->addr.v4, &tun->netmask);</span><br><span>        }</span><br><span> </span><br><span>        if (tun->fd >= 0) {</span><br><span>@@ -323,7 +329,7 @@</span><br><span>      char smask[TUN_ADDRSIZE];</span><br><span>    int rc;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-     strncpy(snet, inet_ntoa(tun->addr), sizeof(snet));</span><br><span style="color: hsl(120, 100%, 40%);">+ strncpy(snet, inet_ntoa(tun->addr.v4), sizeof(snet));</span><br><span>     snet[sizeof(snet) - 1] = 0;</span><br><span>  strncpy(smask, inet_ntoa(tun->netmask), sizeof(smask));</span><br><span>   smask[sizeof(smask) - 1] = 0;</span><br><span>diff --git a/lib/tun.h b/lib/tun.h</span><br><span>index 6bf141f..07ca04a 100644</span><br><span>--- a/lib/tun.h</span><br><span>+++ b/lib/tun.h</span><br><span>@@ -31,8 +31,8 @@</span><br><span> </span><br><span> struct tun_t {</span><br><span>     int fd;                 /* File descriptor to tun interface */</span><br><span style="color: hsl(0, 100%, 40%);">-  struct in_addr addr;</span><br><span style="color: hsl(0, 100%, 40%);">-    struct in_addr dstaddr;</span><br><span style="color: hsl(120, 100%, 40%);">+       struct in46_addr addr;</span><br><span style="color: hsl(120, 100%, 40%);">+        struct in46_addr dstaddr;</span><br><span>    struct in_addr netmask;</span><br><span>      int addrs;              /* Number of allocated IP addresses */</span><br><span>       int routes;             /* One if we allocated an automatic route */</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/11871">change 11871</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/11871"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: osmo-ggsn </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: Idd2431ad25d7fa182e52e2bd5231ceb04d427c34 </div>
<div style="display:none"> Gerrit-Change-Number: 11871 </div>
<div style="display:none"> Gerrit-PatchSet: 3 </div>
<div style="display:none"> Gerrit-Owner: Stefan Sperling <ssperling@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: Harald Welte <laforge@gnumonks.org> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder (1000002) </div>
<div style="display:none"> Gerrit-Reviewer: Stefan Sperling <ssperling@sysmocom.de> </div>
<div style="display:none"> Gerrit-CC: Pau Espin Pedrol <pespin@sysmocom.de> </div>