NetBSD-Bugs archive
kern/38791: routing socket event header not cleared
>Number: 38791
>Category: kern
>Synopsis: routing socket event header not cleared
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu May 29 17:35:01 +0000 2008
>Originator: J.T. Conklin
>Release: NetBSD 4.99.56
>Organization:
>Environment:
System: NetBSD vm-nbsd5 4.99.56 NetBSD 4.99.56 (GENERIC) #0: Sat Mar 22
18:35:25 PDT 2008
jtc%orac.acorntoolworks.com@localhost:/home/jtc/netbsd/NetBSD-current/obj.i386/sys/arch/i386/compile/GENERIC
i386
Architecture: i386
Machine: i386
>Description:
The header of routing socket events is not cleared in rt_msg1(), which
means that some fields (rtm_seq, rtm_pid, rtm_errno, etc.) that aren't
set for each message type contain uninitialized garbage.
The version of rt_msg1() documented in Stevens' TCP/IP Illustrated
contains a bzero() to clear the header, but as far as I can tell,
this was never in NetBSD (I checked as far back as NetBSD 2.0, the
earliest release that I have source unpacked).
The enclosed patch has a memset() where the Stevens' implementation
has bzero().
>How-To-Repeat:
Observe contents of routing socket events.
>Fix:
Index: rtsock.c
===================================================================
RCS file: /cvsroot/src/sys/net/rtsock.c,v
retrieving revision 1.105
diff -c -r1.105 rtsock.c
*** rtsock.c 25 May 2008 01:59:55 -0000 1.105
--- rtsock.c 29 May 2008 17:22:39 -0000
***************
*** 586,591 ****
--- 586,592 ----
m->m_pkthdr.rcvif = NULL;
m_copyback(m, 0, datalen, data);
rtm = mtod(m, struct rt_msghdr *);
+ memset(rtm, 0, len);
for (i = 0; i < RTAX_MAX; i++) {
if ((sa = rtinfo->rti_info[i]) == NULL)
continue;
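Review bot: The added memset(rtm, 0, len) runs after m_copyback(m, 0, datalen, data), and both start at offset 0 of the same mbuf data, so whenever datalen is non-zero the clear erases the bytes the caller just supplied. Zero the buffer before the m_copyback() call, or clear only the range from datalen up to len, so that the header fields left unset no longer carry stale memory to routing socket readers while the copied-in data survives.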
>Unformatted:
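An added illustration, not part of the problem report or of NetBSD's source: a user-space C model of the header handling described above, showing stale bytes in unset fields and how the position of the clear relative to the copy matters. `struct demo_hdr`, `build_event`, `demo` and the 0xAA fill are hypothetical and constructed for this example; the real `struct rt_msghdr` is larger.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified header; the real struct rt_msghdr has more fields. */
struct demo_hdr {
    uint16_t msglen;
    uint8_t  version;
    uint8_t  type;
    int32_t  pid;   /* stands in for rtm_pid */
    int32_t  seq;   /* stands in for rtm_seq */
    int32_t  err;   /* stands in for rtm_errno */
};

enum clear_mode { NO_CLEAR, CLEAR_AFTER_COPY, CLEAR_TAIL_ONLY };

/* Build one event header from caller-supplied leading bytes (datalen <= header size). */
static struct demo_hdr build_event(enum clear_mode mode, const void *data, size_t datalen)
{
    unsigned char buf[sizeof(struct demo_hdr)];
    struct demo_hdr h;
    size_t len = sizeof buf;

    memset(buf, 0xAA, len);                 /* constructed stale buffer contents */
    memcpy(buf, data, datalen);             /* models m_copyback(m, 0, datalen, data) */
    if (mode == CLEAR_AFTER_COPY)
        memset(buf, 0, len);                /* clear placed after the copy */
    else if (mode == CLEAR_TAIL_ONLY)
        memset(buf + datalen, 0, len - datalen);
    memcpy(&h, buf, len);
    h.msglen = (uint16_t)len;               /* assumed: set for every message type */
    return h;
}

/* Caller fills only the first 8 bytes (through pid) and leaves seq/err unset. */
static struct demo_hdr demo(enum clear_mode mode)
{
    struct demo_hdr in = { 0, 1, 2, 1234, 0, 0 };
    return build_event(mode, &in, offsetof(struct demo_hdr, seq));
}

int main(void)
{
    for (int m = NO_CLEAR; m <= CLEAR_TAIL_ONLY; m++) {
        struct demo_hdr h = demo((enum clear_mode)m);
        printf("mode=%d pid=%d seq=0x%08x err=0x%08x\n", m, (int)h.pid, (unsigned)h.seq, (unsigned)h.err);
    }
    return 0;
}
```

Without a clear, `seq` and `err` come back as the stale fill pattern; clearing after the copy zeroes them but also loses the caller's `pid` and `type`; clearing only the tail keeps the supplied bytes and zeroes the rest.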