From f0829825fb9dee5381d3b5f52f66d5e9384240e7 Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Wed, 5 Jun 2024 19:44:46 +0200 Subject: [PATCH] netlink: pass the correct arguments for SIOCDIFADDR and SIOCDIFADDR_IN6 These take struct ifreq and struct in6_ifreq respectively. Passing struct in_aliasreq or struct in6_aliasreq means we're supplying a shorter object than expected. While this doesn't actively break things on most architectures other than CHERI it is still wrong. Reported by: CheriBSD Event: Kitchener-Waterloo Hackathon 202406 --- sys/netlink/route/iface.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netlink/route/iface.c b/sys/netlink/route/iface.c index 19da6aea5f3..81db54ab12d 100644 --- a/sys/netlink/route/iface.c +++ b/sys/netlink/route/iface.c @@ -1204,7 +1204,7 @@ handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs, return (EINVAL); } - struct in_aliasreq req = { .ifra_addr = *addr }; + struct ifreq req = { .ifr_addr = *(struct sockaddr *)addr }; return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp))); } @@ -1288,7 +1288,7 @@ handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs, return (EINVAL); } - struct in6_aliasreq req = { .ifra_addr = *addr }; + struct in6_ifreq req = { .ifr_addr = *addr }; return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp))); }