current-users: rt_tables broken

Subject: rt_tables broken
To: None <dyoung@netbsd.org>
From: KIYOHARA Takashi <kiyohara@kk.iij4u.or.jp>
List: current-users
Date: 08/04/2007 15:47:12

Hi! dyoung,


The rt_tables was broken since 07/19/2007 20:49:00 perhaps.  X-<

  http://mail-index.netbsd.org/source-changes/2007/07/19/0032.html


I use fwip(4).  I found this message.

arpresolve: can't allocate llinfo on fwip0 for 192.168.1.XXX


The cause of breaking is bcopy(9) of sys/netinet6/nd6.c::nd6_rtrequest().
It is likely to overflow from sdl_data[12] because ifp->if_addrlen of
fwip is 16.


sys/netinet6/nd6.c::nd6_rtrequest() line 1315 ---

                        ln->ln_byhint = 0;
                        if (macp) {
                                bcopy(macp, LLADDR(SDL(gate)), ifp->if_addrlen);
                                SDL(gate)->sdl_alen = ifp->if_addrlen;
                        }

--- sys/netinet6/nd6.c::nd6_rtrequest()

sys/net/if_dl.h ---

struct sockaddr_dl {

  ... snip ...

        char        sdl_data[12]; /* minimum work area, can be larger;
                                     contains both if name and ll address */
}; 
 
/* We do arithmetic directly with these, so keep them char instead of void */
#define LLADDR(s) ((char *)((s)->sdl_data + (s)->sdl_nlen))

--- sys/net/if_dl.h


Please fix this.

Thanks,
--
kiyohara