Fix stack buffer overruns in NEXTADDR() macro:

copy first, then round up the length when adding padding
to the advance.

Found by: GCC 9.3.0 (FreeBSD)

Signed-off-by: Matthias Andree <matthias.andree@gmx.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200717171818.230371-1-matthias.andree@gmx.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20461.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5fde831c580775aa5c1fe3539b06260d994eee10)

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 4199da3b50e543812bc8ae966d9aea11b39bc2b1..c66217adb8930d1bad3278bf1611dcbaa18c743b 100644 (file)
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3575,7 +3575,7 @@ struct rtmsg {
 #else  /* if defined(TARGET_SOLARIS) */
 #define NEXTADDR(w, u) \
     if (rtm_addrs & (w)) { \
-        l = ROUNDUP( ((struct sockaddr *)&(u))->sa_len); memmove(cp, &(u), l); cp += l; \
+        l = ((struct sockaddr *)&(u))->sa_len; memmove(cp, &(u), l); cp += ROUNDUP(l); \
     }
 
 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))