]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c4566aa)
- Fix uninitialized memory passed in padding bytes of cmsg to sendmsg.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Fri, 18 Aug 2023 11:18:46 +0000 (13:18 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Fri, 18 Aug 2023 11:18:46 +0000 (13:18 +0200)
doc/Changelog patch | blob | blame | history
util/netevent.c patch | blob | blame | history

diff --git a/doc/Changelog b/doc/Changelog
index 18c2f51d8f8f83dedddab28654be1bac49e876c4..0940aafa68bbf8b2f37c21ae18102b08eeba96f5 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 18 August 2023: Wouter
        - Fix for iter_dec_attempts that could cause a hang, part of
          capsforid and qname minimisation, depending on the settings.
+       - Fix uninitialized memory passed in padding bytes of cmsg to sendmsg.
 
 17 August 2023: Wouter
        - Merge PR #762: Downstream DNS Server Cookies a la RFC7873 and
diff --git a/util/netevent.c b/util/netevent.c
index f9f9fc1163c5c974eac3c1d2dea8d709ce78a793..204e4883cf2781926082ae767b8230cf43276a56 100644 (file)
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -592,6 +592,11 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet,
                cmsg_data = CMSG_DATA(cmsg);
                ((struct in_pktinfo *) cmsg_data)->ipi_ifindex = 0;
                cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+               /* zero the padding bytes inserted by the CMSG_LEN */
+               if(sizeof(struct in_pktinfo) < cmsg->cmsg_len)
+                       memset(((uint8_t*)(CMSG_DATA(cmsg))) +
+                               sizeof(struct in_pktinfo), 0, cmsg->cmsg_len
+                               - sizeof(struct in_pktinfo));
 #elif defined(IP_SENDSRCADDR)
                msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
                log_assert(msg.msg_controllen <= sizeof(control.buf));
@@ -600,6 +605,11 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet,
                memmove(CMSG_DATA(cmsg), &r->pktinfo.v4addr,
                        sizeof(struct in_addr));
                cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
+               /* zero the padding bytes inserted by the CMSG_LEN */
+               if(sizeof(struct in_addr) < cmsg->cmsg_len)
+                       memset(((uint8_t*)(CMSG_DATA(cmsg))) +
+                               sizeof(struct in_addr), 0, cmsg->cmsg_len
+                               - sizeof(struct in_addr));
 #else
                verbose(VERB_ALGO, "no IP_PKTINFO or IP_SENDSRCADDR");
                msg.msg_control = NULL;
@@ -616,6 +626,11 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet,
                cmsg_data = CMSG_DATA(cmsg);
                ((struct in6_pktinfo *) cmsg_data)->ipi6_ifindex = 0;
                cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+               /* zero the padding bytes inserted by the CMSG_LEN */
+               if(sizeof(struct in6_pktinfo) < cmsg->cmsg_len)
+                       memset(((uint8_t*)(CMSG_DATA(cmsg))) +
+                               sizeof(struct in6_pktinfo), 0, cmsg->cmsg_len
+                               - sizeof(struct in6_pktinfo));
        } else {
                /* try to pass all 0 to use default route */
                msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
@@ -624,6 +639,11 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet,
                cmsg->cmsg_type = IPV6_PKTINFO;
                memset(CMSG_DATA(cmsg), 0, sizeof(struct in6_pktinfo));
                cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+               /* zero the padding bytes inserted by the CMSG_LEN */
+               if(sizeof(struct in6_pktinfo) < cmsg->cmsg_len)
+                       memset(((uint8_t*)(CMSG_DATA(cmsg))) +
+                               sizeof(struct in6_pktinfo), 0, cmsg->cmsg_len
+                               - sizeof(struct in6_pktinfo));
        }
 #endif /* S_SPLINT_S */
        if(verbosity >= VERB_ALGO && r->srctype != 0)
Mirror of https://github.com/NLnetLabs/unbound.git