From e11a828011e066a45e5a8fc2f3be3e2b56291301 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tristan.matthews@savoirfairelinux.com>
Date: Thu, 17 Apr 2014 15:15:41 -0400
Subject: [PATCH] ip_utils: fix buffer overflow

pjsockaddr is a union that is larger than ifr_addr.addr
The size to copy depends on the IP family.

Refs #45559
---
 daemon/src/ip_utils.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/daemon/src/ip_utils.cpp b/daemon/src/ip_utils.cpp
index 59e5d3e120..7ed0ffa0ea 100644
--- a/daemon/src/ip_utils.cpp
+++ b/daemon/src/ip_utils.cpp
@@ -170,7 +170,10 @@ ip_utils::getInterfaceAddr(const std::string &interface, pj_uint16_t family)
     close(fd);
 
     sockaddr* unix_addr = &ifr.ifr_addr;
-    memcpy(&saddr, &ifr.ifr_addr, sizeof(pj_sockaddr));
+
+    memcpy(&saddr, unix_addr, unix_addr->sa_family == AF_INET6 ?
+           sizeof saddr.ipv6 : sizeof saddr.ipv4);
+
     if ((ifr.ifr_addr.sa_family == AF_INET  &&  IN_IS_ADDR_UNSPECIFIED(&((sockaddr_in *)unix_addr)->sin_addr ))
     || (ifr.ifr_addr.sa_family == AF_INET6 && IN6_IS_ADDR_UNSPECIFIED(&((sockaddr_in6*)unix_addr)->sin6_addr))) {
         return getLocalAddr(saddr.addr.sa_family);
-- 
GitLab