vrrpd: properly retrieve pkt src address

* Fix null dereference when retrieving IPv6 source address
* Change IPv4 code path to use system-specified source address instead
  of the one delivered in the IPv4 raw header

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>

diff --git a/vrrpd/vrrp.c b/vrrpd/vrrp.c
index 7e8ce50c13dd662877d494996cdcd6ac1170990b..9c2b980eaf1c4ab6c402d767828f87dc10c31c3f 100644 (file)
--- a/vrrpd/vrrp.c
+++ b/vrrpd/vrrp.c
@@ -635,6 +635,7 @@ static int vrrp_read(struct thread *thread)
        ssize_t nbytes;
        bool resched;
        char errbuf[BUFSIZ];
+       struct sockaddr_storage sa;
        uint8_t control[64];
        struct ipaddr src = {};
 
@@ -642,8 +643,8 @@ static int vrrp_read(struct thread *thread)
        struct iovec iov;
        iov.iov_base = r->ibuf;
        iov.iov_len = sizeof(r->ibuf);
-       m.msg_name = NULL;
-       m.msg_namelen = 0;
+       m.msg_name = &sa;
+       m.msg_namelen = sizeof(sa);
        m.msg_iov = &iov;
        m.msg_iovlen = 1;
        m.msg_control = control;

diff --git a/vrrpd/vrrp_packet.c b/vrrpd/vrrp_packet.c
index 16613226dd0b615c0f926aaf9b873dc8b2f4d195..db31d163bc35e8831372c71bfa4ce49d4bca687a 100644 (file)
--- a/vrrpd/vrrp_packet.c
+++ b/vrrpd/vrrp_packet.c
@@ -226,8 +226,9 @@ ssize_t vrrp_pkt_parse_datagram(int family, int version, struct msghdr *m,
                VRRP_PKT_VCHECK(pktsize > 0, "IPv4 packet has no payload");
 
                /* Extract source address */
+               struct sockaddr_in *sa = m->msg_name;
                src->ipa_type = IPADDR_V4;
-               src->ipaddr_v4 = ip->ip_src;
+               src->ipaddr_v4 = sa->sin_addr;
        } else if (family == AF_INET6) {
                struct cmsghdr *c;
                for (c = CMSG_FIRSTHDR(m); c != NULL; CMSG_NXTHDR(m, c)) {
@@ -247,8 +248,8 @@ ssize_t vrrp_pkt_parse_datagram(int family, int version, struct msghdr *m,
                pktsize = read;
 
                /* Extract source address */
-               src->ipa_type = IPADDR_V6;
                struct sockaddr_in6 *sa = m->msg_name;
+               src->ipa_type = IPADDR_V6;
                memcpy(&src->ipaddr_v6, &sa->sin6_addr,
                       sizeof(struct in6_addr));
        } else {