From: Matthias Andree <matthias.andree@gmx.de>
Date: Fri, 17 Jul 2020 17:18:18 +0000 (+0200)
Subject: Fix stack buffer overruns in NEXTADDR() macro:
X-Git-Tag: v2.5_beta1~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5fde831c5807;p=thirdparty%2Fopenvpn.git

Fix stack buffer overruns in NEXTADDR() macro:

copy first, then round up the length when adding padding
to the advance.

Found by: GCC 9.3.0 (FreeBSD)

Signed-off-by: Matthias Andree <matthias.andree@gmx.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200717171818.230371-1-matthias.andree@gmx.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20461.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index b57da5dd4..24563ed63 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3436,7 +3436,7 @@ struct rtmsg {
 #else  /* if defined(TARGET_SOLARIS) */
 #define NEXTADDR(w, u) \
     if (rtm_addrs & (w)) { \
-        l = ROUNDUP( ((struct sockaddr *)&(u))->sa_len); memmove(cp, &(u), l); cp += l; \
+        l = ((struct sockaddr *)&(u))->sa_len; memmove(cp, &(u), l); cp += ROUNDUP(l); \
     }
 
 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))