opensmtpd: properly use getsockname and getpeername

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

opensmtpd: properly use getsockname and getpeername

Leah Neukirchen
Hi,

in src/usr.sbin/smtpd/mta_session.c 1.124 two bugs are introduced:
- getsockname/getpeername are passed a struct sockaddr, too small
  to hold an IPv6 address.
- sa_len is uninitialized.

Detected thanks to -fstack-protector on Void Linux,
which killed it immediately after connecting to the MTA.

This patch fixes both issues:

--- a/smtpd/mta_session.c
+++ b/smtpd/mta_session.c
@@ -1811,21 +1811,25 @@ mta_filter_end(struct mta_session *s)
 static void
 mta_connected(struct mta_session *s)
 {
- struct sockaddr sa_src;
- struct sockaddr sa_dest;
+ struct sockaddr_storage sa_src;
+ struct sockaddr_storage sa_dest;
  int sa_len;
 
  log_info("%016"PRIx64" mta connected", s->id);
 
- if (getsockname(io_fileno(s->io), &sa_src, &sa_len) == -1)
+ sa_len = sizeof sa_src;
+ if (getsockname(io_fileno(s->io),
+    (struct sockaddr *)&sa_src, &sa_len) == -1)
  bzero(&sa_src, sizeof sa_src);
- if (getpeername(io_fileno(s->io), &sa_dest, &sa_len) == -1)
+ sa_len = sizeof sa_dest;
+ if (getpeername(io_fileno(s->io),
+    (struct sockaddr *)&sa_dest, &sa_len) == -1)
  bzero(&sa_dest, sizeof sa_dest);
 
  mta_report_link_connect(s,
     s->route->dst->ptrname, 1,
-    (struct sockaddr_storage *)&sa_src,
-    (struct sockaddr_storage *)&sa_dest);
+    &sa_src,
+    &sa_dest);
 }
 
 static void

Cheers,
--
Leah Neukirchen  <[hidden email]>  https://leahneukirchen.org/

Reply | Threaded
Open this post in threaded view
|

Re: opensmtpd: properly use getsockname and getpeername

Todd C. Miller-3
Thanks, I've committed the fix.

 - todd