Zero the un-used portions of the struct sockaddr data before sending
it back to userspace, so it does not break bind(2) on raw sockets in jails. Currently some processes, like traceroute(8) construct a routing request to determine its source address based on the destination. This sockaddr data is fed directly to bind(2). When bind calls ifa_ifwithaddr(9) to make sure the address exists on the interface, the comparison will fail causing bind(2) to return EADDRNOTAVAIL if the data wasnt zero'ed before initialization. Approved by: bmilekic (mentor)
This commit is contained in:
Christian S.J. Peron
parent
9c4b841b67
commit
3581cc66bb
@ -404,6 +404,7 @@ route_output(struct mbuf *m, struct socket *so)
|
||||
info.rti_info[RTAX_IFP] =
|
||||
ifaddr_byindex(ifp->if_index)->ifa_addr;
|
||||
if (jailed(so->so_cred)) {
|
||||
memset(&jail, 0, sizeof(jail));
|
||||
jail.sin_family = PF_INET;
|
||||
jail.sin_len = sizeof(jail);
|
||||
jail.sin_addr.s_addr =
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user