Re: netbsd-8: panic: sockaddr_copy: source too long, 28 < 128 bytes

[Ryota Ozaki <ozaki-r%netbsd.org@localhost>]

On Mon, Nov 5, 2018 at 4:40 PM Michael van Elst <mlelstv%serpens.de@localhost> wrote:
>
> ozaki-r%netbsd.org@localhost (Ryota Ozaki) writes:
>
> >diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
> >index ee4fc6fdfb3..a4a74c8009e 100644
> >--- a/sys/netinet6/udp6_usrreq.c
> >+++ b/sys/netinet6/udp6_usrreq.c
> >@@ -668,10 +668,18 @@ udp6_output(struct in6pcb * const in6p, struct mbuf *m,
>
> >        if (addr6) {
> >                sin6 = addr6;
> >+               if (sin6->sin6_len != sizeof(*sin6)) {
> >+                       error = EINVAL;
> >+                       goto release;
> >+               }
> >                if (sin6->sin6_family != AF_INET6) {
> >                        error = EAFNOSUPPORT;
> >                        goto release;
> >                }
> >+               if (sin6->sin6_port == 0) {
> >+                       error = EADDRNOTAVAIL;
> >+                       goto release;
> >+               }
>
> The port validation is already done a few lines below,

Thanks, that's right.

> but the comment when using the port is a bit strange:
>
>                 fport = sin6->sin6_port; /* allow 0 port */
>
> Apparently that comment (and the port check) already
> existed when the initial version was imported.

Well... I think the comment is just a leftover to be removed :-/

  ozaki-r