From 4872dafd8075fab781b7a3ac7ce6ac587e2a68e9 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Tue, 22 Apr 2025 13:12:24 +0200
Subject: [PATCH] vquic: init for every call to recvmsg

When calling recvmsg(), always set up the msg structures for
each call as there are OS implemenations that change members
of msg.

Fixes #17120
Reported-by: Harry Sintonen
Closes #17131
---
 lib/vquic/vquic.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/lib/vquic/vquic.c b/lib/vquic/vquic.c
index c1963b473a..46d8c5ad76 100644
--- a/lib/vquic/vquic.c
+++ b/lib/vquic/vquic.c
@@ -481,19 +481,21 @@ static CURLcode recvmsg_packets(struct Curl_cfilter *cf,
   size_t pktlen;
   size_t offset, to;
 
-  msg_iov.iov_base = buf;
-  msg_iov.iov_len = (int)sizeof(buf);
-
-  memset(&msg, 0, sizeof(msg));
-  msg.msg_iov = &msg_iov;
-  msg.msg_iovlen = 1;
-  msg.msg_control = msg_ctrl;
-
   DEBUGASSERT(max_pkts > 0);
   for(pkts = 0, total_nread = 0; pkts < max_pkts;) {
+    /* fully initialise this on each call to `recvmsg()`. There are
+     * operating systems out there that mess with `msg_iov.iov_len`
+     * in the call (*staring at NetBSD*). */
+    memset(&msg, 0, sizeof(msg));
+    msg_iov.iov_base = buf;
+    msg_iov.iov_len = (int)sizeof(buf);
+    msg.msg_iov = &msg_iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = msg_ctrl;
     msg.msg_name = &remote_addr;
     msg.msg_namelen = sizeof(remote_addr);
     msg.msg_controllen = sizeof(msg_ctrl);
+
     while((nread = recvmsg(qctx->sockfd, &msg, 0)) == -1 &&
           SOCKERRNO == SOCKEINTR)
       ;
-- 
2.47.2