[PATCH 1/4] iphlpapi: MacOS struct sockaddr is 4 byte aligned on 64 bit.

Stefan Dösinger stefan at codeweavers.com
Sun Apr 12 07:24:54 CDT 2020


Signed-off-by: Stefan Dösinger <stefan at codeweavers.com>

---

This fixes random crashes in AllocateAndGetIpNetTableFromStack on MacOS
Catalina. Netmask sockaddr_ins only have enough bytes to store the bits
of the netmask that are non-zero, which are 0 for the default route -
this leads to a 4 byte struct in the array.

As a result we read the gateway wrong on 64 bit builds. That was
survivable at least as far as memory allocations go, but since Catalina
there is one more struct sockaddr in the route info for some routes -
RTA_IFA. Thanks to the wrong offset from the netmask we added a byte
originating from the gateway's IP address to the RTA_IFA pointer and
tried to read the address only to realize later that we don't know what
to do anyway. Depending on the IP address and if the route in question
is towards the end of the routing table we might read beyond the memory
buffer.

A similar problem occurs with AF_LINK sockaddrs which have a size of 20
bytes, which we incorrectly aligned to 24.

See https://opensource.apple.com/source/network_cmds/network_cmds-596/netstat.tproj/route.c.
---
 dlls/iphlpapi/ipstats.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/iphlpapi/ipstats.c b/dlls/iphlpapi/ipstats.c
index efb4d64c90..94fb4af5fa 100644
--- a/dlls/iphlpapi/ipstats.c
+++ b/dlls/iphlpapi/ipstats.c
@@ -145,7 +145,7 @@
 
 #ifndef ROUNDUP
 #define ROUNDUP(a) \
-	((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
+	((a) > 0 ? (1 + (((a) - 1) | (sizeof(uint32_t) - 1))) : sizeof(uint32_t))
 #endif
 #ifndef ADVANCE
 #define ADVANCE(x, n) (x += ROUNDUP(((struct sockaddr *)n)->sa_len))
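Review bot: The `sizeof(uint32_t)` rounding in ROUNDUP now applies on every platform that reaches this definition, while the subject and commit message only establish 4-byte alignment for macOS. Consider keeping `sizeof(long)` elsewhere and selecting the 4-byte variant under `#ifdef __APPLE__`. Because the definition sits inside `#ifndef ROUNDUP`, a ROUNDUP already supplied by a system header would take precedence and silently keep the old rounding, so a Wine-specific macro name would make the fix dependable. ADVANCE in the context lines still trusts `sa_len` with no check against the end of the buffer; a bounds check where the pointer is advanced would stop the over-read described in the commit message even if the alignment assumption turns out wrong again.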
-- 
2.24.1 (Apple Git-126)
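The misalignment the commit message describes can be reproduced on a constructed buffer. The following is an added example, not part of the patch or of Wine's code: `build_sample`, `nth_offset` and `ROUNDUP_TO` are hypothetical names, the record lengths (16, 4, 20, 16) and the 0xC0 filler bytes are constructed, and the walker adds a bounds check so an over-long step is reported instead of read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ROUNDUP from the hunk, with the alignment unit as a parameter:
 * 8 models sizeof(long) on a 64-bit build, 4 models sizeof(uint32_t). */
#define ROUNDUP_TO(a, n) ((a) > 0 ? (1 + (((a) - 1) | ((n) - 1))) : (n))

/* Constructed sample, not captured data: four records packed on 4-byte
 * boundaries, byte 0 of each record being its length (like sa_len). */
static size_t build_sample(uint8_t *buf)
{
    static const uint8_t lens[] = {16, 4, 20, 16};
    size_t off = 0;
    for (size_t i = 0; i < sizeof(lens); i++) {
        memset(buf + off, 0xC0, lens[i]);   /* filler standing in for address bytes */
        buf[off] = lens[i];
        off += ROUNDUP_TO((size_t)lens[i], (size_t)4);
    }
    return off;
}

/* Offset of record `index` when stepping with `align`, or -1 if the walk
 * would leave the buffer (the check the unguarded ADVANCE lacks). */
static long nth_offset(const uint8_t *buf, size_t len, size_t align, int index)
{
    size_t off = 0;
    for (int i = 0; i < index; i++) {
        if (off >= len) return -1;
        off += ROUNDUP_TO((size_t)buf[off], align);
    }
    return off < len ? (long)off : -1;
}

int main(void)
{
    uint8_t buf[64];
    size_t len = build_sample(buf);
    for (int i = 0; i < 4; i++)
        printf("record %d: align4 -> %ld, align8 -> %ld\n", i,
               nth_offset(buf, len, 4, i), nth_offset(buf, len, 8, i));
    return 0;
}
```

With 8-byte rounding the 4-byte record pushes the walker to offset 24 instead of 20, where a filler byte is taken as a length and the next step leaves the 56-byte buffer.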



