Kernel is missing propper input validation when configuring IPv6

addresses.  Implement in6_sa2sin6() to validate inet6 address family
and address length.  The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6,
SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2)
are safe now.
OK visa@

1 files changed, 6 insertions, 7 deletions

diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index ca3c5e3ddf1..6ab33419335 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6.h,v 1.104 2019/04/22 22:47:49 bluhm Exp $	*/
+/*	$OpenBSD: in6.h,v 1.105 2019/11/11 17:42:29 bluhm Exp $	*/
 /*	$KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $	*/
 
 /*
@@ -408,8 +408,11 @@ extern const u_char inet6ctlerrmap[];
 extern const struct in6_addr zeroin6_addr;
 
 struct mbuf;
+struct sockaddr;
+struct sockaddr_in6;
+struct ifaddr;
+struct in6_ifaddr;
 struct ifnet;
-struct cmsghdr;
 
 void	ipv6_input(struct ifnet *, struct mbuf *);
 
@@ -420,6 +423,7 @@ int	in6_addrscope(struct in6_addr *);
 struct	in6_ifaddr *in6_ifawithscope(struct ifnet *, struct in6_addr *, u_int);
 int	in6_mask2len(struct in6_addr *, u_char *);
 int	in6_nam2sin6(const struct mbuf *, struct sockaddr_in6 **);
+int	in6_sa2sin6(struct sockaddr *, struct sockaddr_in6 **);
 
 struct inpcb;
 
@@ -428,11 +432,6 @@ int	in6_embedscope(struct in6_addr *, const struct sockaddr_in6 *,
 void	in6_recoverscope(struct sockaddr_in6 *, const struct in6_addr *);
 void	in6_clearscope(struct in6_addr *);
 
-struct sockaddr;
-struct sockaddr_in6;
-struct ifaddr;
-struct in6_ifaddr;
-
 /*
  * Convert between address family specific and general structs.
  * Inline functions check the source type and are stricter than