From e11a828011e066a45e5a8fc2f3be3e2b56291301 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tristan.matthews@savoirfairelinux.com>
Date: Thu, 17 Apr 2014 15:15:41 -0400
Subject: [PATCH] ip_utils: fix buffer overflow pjsockaddr is a union that is larger than ifr_addr.addr The size to copy depends on the IP family. Refs #45559
---
 daemon/src/ip_utils.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/daemon/src/ip_utils.cpp b/daemon/src/ip_utils.cpp
index 59e5d3e120..7ed0ffa0ea 100644
--- a/daemon/src/ip_utils.cpp
+++ b/daemon/src/ip_utils.cpp
@@ -170,7 +170,10 @@ ip_utils::getInterfaceAddr(const std::string &interface, pj_uint16_t family)
 close(fd);
 sockaddr* unix_addr = &ifr.ifr_addr;
- memcpy(&saddr, &ifr.ifr_addr, sizeof(pj_sockaddr));
+
+ memcpy(&saddr, unix_addr, unix_addr->sa_family == AF_INET6 ?
+ sizeof saddr.ipv6 : sizeof saddr.ipv4);
+
 if ((ifr.ifr_addr.sa_family == AF_INET && IN_IS_ADDR_UNSPECIFIED(&((sockaddr_in *)unix_addr)->sin_addr )) || (ifr.ifr_addr.sa_family == AF_INET6 && IN6_IS_ADDR_UNSPECIFIED(&((sockaddr_in6*)unix_addr)->sin6_addr))) {
 return getLocalAddr(saddr.addr.sa_family);
-- GitLab
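Review bot: The AF_INET6 arm of the new `memcpy` still reads `sizeof saddr.ipv6` bytes from `unix_addr`, which points at `ifr.ifr_addr`. If `ifr` is a `struct ifreq` (its declaration is outside the hunk), that member is a plain `struct sockaddr`, smaller than an IPv6 socket address, so the out-of-bounds read this commit removes for IPv4 would remain whenever `sa_family` is `AF_INET6`. Bounding the copy by the source object rather than by the reported family covers both cases: `memcpy(&saddr, unix_addr, sizeof ifr.ifr_addr);`. The length is also chosen from a family value that is never compared with the `family` argument, so a short comment naming the families the preceding lookup can return would help the next reader. The function body starts and ends outside the hunk, so whether `saddr` is zeroed before this partial copy cannot be confirmed from here.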