From: Vitaliy Makkoveev Subject: Re: tcp_respond - use memcpy To: David Hill Cc: tech@openbsd.org Date: Sun, 12 Jan 2025 16:04:30 +0300 > On 12 Jan 2025, at 00:03, David Hill wrote: > > ip6 and th both point to location on m, which is new memory from m_gethdr. There should be no overlapping memory, so use memcpy. > ok mvs
> Index: tcp_subr.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
> diff -u -p -u -p -U15 -r1.204 tcp_subr.c
> --- tcp_subr.c 3 Jan 2025 17:23:51 -0000 1.204
> +++ tcp_subr.c 11 Jan 2025 20:58:28 -0000
> @@ -322,48 +322,48 @@ tcp_respond(struct tcpcb *tp, caddr_t te
>
> m = m_gethdr(M_DONTWAIT, MT_HEADER);
> if (m == NULL)
> return;
> m->m_data += max_linkhdr;
> tlen = 0;
>
> #define xchg(a,b,type) do { type t; t=a; a=b; b=t; } while (0)
> switch (af) {
> #ifdef INET6
> case AF_INET6:
> ip6 = mtod(m, struct ip6_hdr *);
> th = (struct tcphdr *)(ip6 + 1);
> tlen = sizeof(*ip6) + sizeof(*th);
> if (th0) {
> - bcopy(template, ip6, sizeof(*ip6));
> - bcopy(th0, th, sizeof(*th));
> + memcpy(ip6, template, sizeof(*ip6));
> + memcpy(th, th0, sizeof(*th));
> xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr);
> } else {
> - bcopy(template, ip6, tlen);
> + memcpy(ip6, template, tlen);
> }
> break;
> #endif /* INET6 */
> case AF_INET:
> ip = mtod(m, struct ip *);
> th = (struct tcphdr *)(ip + 1);
> tlen = sizeof(*ip) + sizeof(*th);
> if (th0) {
> - bcopy(template, ip, sizeof(*ip));
> - bcopy(th0, th, sizeof(*th));
> + memcpy(ip, template, sizeof(*ip));
> + memcpy(th, th0, sizeof(*th));
> xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, u_int32_t);
> } else {
> - bcopy(template, ip, tlen);
> + memcpy(ip, template, tlen);
> }
> break;
> }
> if (th0)
> xchg(th->th_dport, th->th_sport, u_int16_t);
> else
> flags = TH_ACK;
> #undef xchg
>
> th->th_seq = htonl(seq);
> th->th_ack = htonl(ack);
> th->th_x2 = 0;
> th->th_off = sizeof (struct tcphdr) >> 2;
> th->th_flags = flags;
> if (tp)
>
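Review bot: The non-overlap precondition that makes these memcpy() calls safe is stated only in the commit description, not in the code. Unlike bcopy(), memcpy() is undefined on overlapping regions, so the AF_INET6 and AF_INET branches now depend on `template` and `th0` never pointing into the mbuf returned by m_gethdr(). That holds for the lines visible here because `m` is allocated just above, but a comment before the switch such as `/* m is freshly allocated, so template and th0 cannot overlap it */` would keep a later change that reuses an incoming mbuf from silently breaking it. The `else` branches copy `tlen` bytes (IP header plus TCP header) from `template`, which presumably assumes the caller's template holds both headers contiguously; that is worth stating in the same comment. The body of tcp_respond starts and ends outside the hunk.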