Fix problem with UDP tunneling due to mishandled pktinfo structures.

In link_socket_write_udp_posix_sendmsg(), pktinfo structures for ipv4 and
ipv6 are going out of scope before actually calling sendmsg(), so depending
on compiler optimization, garbage is passed to sendmsg() - fix by using
"union openvpn_pktinfo" and having that in scope all the time.

Problem reported and patch provided by "danta" in trac#297

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
URL: https://community.openvpn.net/openvpn/ticket/297
Message-ID: <20130530184427.GP20843@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7629

diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 94d2b1030fb75f64cf58e6f14187bea14a40157e..40356a0dd69c91053ac271e78b40ea5cedbd6e39 100644 (file)
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -2796,6 +2796,7 @@ link_socket_write_udp_posix_sendmsg (struct link_socket *sock,
   struct iovec iov;
   struct msghdr mesg;
   struct cmsghdr *cmsg;
+  union openvpn_pktinfo opi;
 
   iov.iov_base = BPTR (buf);
   iov.iov_len = BLEN (buf);
@@ -2805,11 +2806,10 @@ link_socket_write_udp_posix_sendmsg (struct link_socket *sock,
     {
     case AF_INET:
       {
-        struct openvpn_in4_pktinfo msgpi4;
         mesg.msg_name = &to->dest.addr.sa;
         mesg.msg_namelen = sizeof (struct sockaddr_in);
-        mesg.msg_control = &msgpi4;
-        mesg.msg_controllen = sizeof msgpi4;
+        mesg.msg_control = &opi;
+        mesg.msg_controllen = sizeof (struct openvpn_in4_pktinfo);
         mesg.msg_flags = 0;
         cmsg = CMSG_FIRSTHDR (&mesg);
         cmsg->cmsg_len = sizeof (struct openvpn_in4_pktinfo);
@@ -2834,12 +2834,11 @@ link_socket_write_udp_posix_sendmsg (struct link_socket *sock,
       }
     case AF_INET6:
       {
-        struct openvpn_in6_pktinfo msgpi6;
         struct in6_pktinfo *pkti6;
         mesg.msg_name = &to->dest.addr.sa;
         mesg.msg_namelen = sizeof (struct sockaddr_in6);
-        mesg.msg_control = &msgpi6;
-        mesg.msg_controllen = sizeof msgpi6;
+        mesg.msg_control = &opi;
+        mesg.msg_controllen = sizeof (struct openvpn_in6_pktinfo);
         mesg.msg_flags = 0;
         cmsg = CMSG_FIRSTHDR (&mesg);
         cmsg->cmsg_len = sizeof (struct openvpn_in6_pktinfo);