From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 26 Sep 2025 12:10:30 +0000 (+0200)
Subject: cf-socket: tweak a memcpy() to read better
X-Git-Tag: rc-8_17_0-2~299
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e891b4195fdc133e975d86bda865720cafd6add0;p=thirdparty%2Fcurl.git

cf-socket: tweak a memcpy() to read better

By checking the size of the actual buffer and using that as memcpy
target instead of another union member, this helps readers and static
code analyzers to determine that this is not a buffer overflow.

Ref: #18677
Closes #18787
---

diff --git a/lib/cf-socket.c b/lib/cf-socket.c
index 3d1f5e7529..1fabf0ea0b 100644
--- a/lib/cf-socket.c
+++ b/lib/cf-socket.c
@@ -333,12 +333,11 @@ static CURLcode sock_assign_addr(struct Curl_sockaddr_ex *dest,
   }
   dest->addrlen = (unsigned int)ai->ai_addrlen;
 
-  if(dest->addrlen > sizeof(struct Curl_sockaddr_storage)) {
-    DEBUGASSERT(0);
+  DEBUGASSERT(dest->addrlen <= sizeof(dest->curl_sa_addrbuf));
+  if(dest->addrlen > sizeof(dest->curl_sa_addrbuf))
     return CURLE_TOO_LARGE;
-  }
 
-  memcpy(&dest->curl_sa_addr, ai->ai_addr, dest->addrlen);
+  memcpy(&dest->curl_sa_addrbuf, ai->ai_addr, dest->addrlen);
   return CURLE_OK;
 }
 
diff --git a/lib/cf-socket.h b/lib/cf-socket.h
index 083202fad9..85b7e5631b 100644
--- a/lib/cf-socket.h
+++ b/lib/cf-socket.h
@@ -48,11 +48,12 @@ struct Curl_sockaddr_ex {
   int protocol;
   unsigned int addrlen;
   union {
-    struct sockaddr addr;
-    struct Curl_sockaddr_storage buff;
-  } _sa_ex_u;
+    struct sockaddr sa;
+    struct Curl_sockaddr_storage buf;
+  } addr;
 };
-#define curl_sa_addr _sa_ex_u.addr
+#define curl_sa_addr addr.sa
+#define curl_sa_addrbuf addr.buf
 
 /*
  * Parse interface option, and return the interface name and the host part.