[strongSwan-dev] [PATCH] socket-default: fix use of uninitialized memory when forcing source address on outgoing packet.

Fri Oct 30 16:42:14 CET 2015

Depending on compiler and cflags, it could be not working at all.


Signed-off-by: Maxime Bizon <mbizon at freebox.fr>
---
 .../plugins/socket_default/socket_default_socket.c     | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index dbfddbb..2fdfbe1 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -418,15 +418,17 @@ METHOD(socket_t, sender, status_t,
 #if defined(IP_PKTINFO) || defined(IP_SENDSRCADDR)
 			struct in_addr *addr;
 			struct sockaddr_in *sin;
+			char *buf;
 #ifdef IP_PKTINFO
-			char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
+			size_t buf_size = CMSG_SPACE(sizeof(struct in_pktinfo));
 			struct in_pktinfo *pktinfo;
 #elif defined(IP_SENDSRCADDR)
-			char buf[CMSG_SPACE(sizeof(struct in_addr))];
+			size_t buf_size = CMSG_SPACE(sizeof(struct in_addr));
 #endif
-			memset(buf, 0, sizeof(buf));
+			buf = alloca(buf_size);
+			memset(buf, 0, buf_size);
 			msg.msg_control = buf;
-			msg.msg_controllen = sizeof(buf);
+			msg.msg_controllen = buf_size;
 			cmsg = CMSG_FIRSTHDR(&msg);
 			cmsg->cmsg_level = SOL_IP;
 #ifdef IP_PKTINFO
@@ -446,13 +448,15 @@ METHOD(socket_t, sender, status_t,
 #ifdef HAVE_IN6_PKTINFO
 		else
 		{
-			char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+			size_t buf_size = CMSG_SPACE(sizeof(struct in6_pktinfo));
+			char *buf;
 			struct in6_pktinfo *pktinfo;
 			struct sockaddr_in6 *sin;
 
-			memset(buf, 0, sizeof(buf));
+			buf = alloca(buf_size);
+			memset(buf, 0, buf_size);
 			msg.msg_control = buf;
-			msg.msg_controllen = sizeof(buf);
+			msg.msg_controllen = buf_size;
 			cmsg = CMSG_FIRSTHDR(&msg);
 			cmsg->cmsg_level = SOL_IPV6;
 			cmsg->cmsg_type = IPV6_PKTINFO;
-- 
1.9.1




-- 
Maxime


