Current-Users archive


Re: netbsd-8: panic: sockaddr_copy: source too long, 28 < 128 bytes



ozaki-r%netbsd.org@localhost (Ryota Ozaki) writes:

>diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
>index ee4fc6fdfb3..a4a74c8009e 100644
>--- a/sys/netinet6/udp6_usrreq.c
>+++ b/sys/netinet6/udp6_usrreq.c
>@@ -668,10 +668,18 @@ udp6_output(struct in6pcb * const in6p, struct mbuf *m,

>        if (addr6) {
>                sin6 = addr6;
>+               if (sin6->sin6_len != sizeof(*sin6)) {
>+                       error = EINVAL;
>+                       goto release;
>+               }
>                if (sin6->sin6_family != AF_INET6) {
>                        error = EAFNOSUPPORT;
>                        goto release;
>                }
>+               if (sin6->sin6_port == 0) {
>+                       error = EADDRNOTAVAIL;
>+                       goto release;
>+               }
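
Review bot: In the lines added at the top of the if (addr6) block, the sin6_len != sizeof(*sin6) test runs before the existing sin6_family != AF_INET6 test, so a destination of another address family, whose length normally differs from sizeof(struct sockaddr_in6), now fails with EINVAL where it used to reach the EAFNOSUPPORT branch. If callers depend on that errno, test the family first and the length second. A short comment on the length check naming the sockaddr_copy panic from the subject line would also record why the check is needed.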

The port validation is already done a few lines below,
but the comment when using the port is a bit strange:

                fport = sin6->sin6_port; /* allow 0 port */

Apparently that comment (and the port check) already
existed when the initial version was imported.


-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

