> On 12 Jan 2025, at 00:03, David Hill <dhill@mindcry.org> wrote:
> 
> ip6 and th both point to location on m, which is new memory from m_gethdr.  There should be no overlapping memory, so use memcpy.
> 

ok mvs

> Index: tcp_subr.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
> diff -u -p -u -p -U15 -r1.204 tcp_subr.c
> --- tcp_subr.c	3 Jan 2025 17:23:51 -0000	1.204
> +++ tcp_subr.c	11 Jan 2025 20:58:28 -0000
> @@ -322,48 +322,48 @@ tcp_respond(struct tcpcb *tp, caddr_t te
> 
> 	m = m_gethdr(M_DONTWAIT, MT_HEADER);
> 	if (m == NULL)
> 		return;
> 	m->m_data += max_linkhdr;
> 	tlen = 0;
> 
> #define xchg(a,b,type) do { type t; t=a; a=b; b=t; } while (0)
> 	switch (af) {
> #ifdef INET6
> 	case AF_INET6:
> 		ip6 = mtod(m, struct ip6_hdr *);
> 		th = (struct tcphdr *)(ip6 + 1);
> 		tlen = sizeof(*ip6) + sizeof(*th);
> 		if (th0) {
> -			bcopy(template, ip6, sizeof(*ip6));
> -			bcopy(th0, th, sizeof(*th));
> +			memcpy(ip6, template, sizeof(*ip6));
> +			memcpy(th, th0, sizeof(*th));
> 			xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr);
> 		} else {
> -			bcopy(template, ip6, tlen);
> +			memcpy(ip6, template, tlen);
> 		}
> 		break;
> #endif /* INET6 */
> 	case AF_INET:
> 		ip = mtod(m, struct ip *);
> 		th = (struct tcphdr *)(ip + 1);
> 		tlen = sizeof(*ip) + sizeof(*th);
> 		if (th0) {
> -			bcopy(template, ip, sizeof(*ip));
> -			bcopy(th0, th, sizeof(*th));
> +			memcpy(ip, template, sizeof(*ip));
> +			memcpy(th, th0, sizeof(*th));
> 			xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, u_int32_t);
> 		} else {
> -			bcopy(template, ip, tlen);
> +			memcpy(ip, template, tlen);
> 		}
> 		break;
> 	}
> 	if (th0)
> 		xchg(th->th_dport, th->th_sport, u_int16_t);
> 	else
> 		flags = TH_ACK;
> #undef xchg
> 
> 	th->th_seq = htonl(seq);
> 	th->th_ack = htonl(ack);
> 	th->th_x2 = 0;
> 	th->th_off = sizeof (struct tcphdr) >> 2;
> 	th->th_flags = flags;
> 	if (tp)
>