Open milesbarr opened 7 years ago
Hi, this section is found under the RecvFromBlockingIPV4And6 function, where RAKNET_SUPPORT_IPV6 is enabled. See the socket declaration in RakNetTypes.h at line 211; in this mode, the structure size is sockaddr_in6.
```cpp
union // In6OrIn4
{
    struct sockaddr_storage sa_stor;
    sockaddr_in6 addr6;
    sockaddr_in addr4;
} address;
```
It is actually the `aip->ai_addr` value returned by `getaddrinfo` which can contain an IPv4 address (on Windows at least). `memcpy` is passed the size of an IPv6 address, which will read out of bounds on the `aip->ai_addr` value.
In PrepareAddrInfoHints2(&hints) the protocol setting is not defined; getaddrinfo sends back all IPv4 and IPv6 addresses. The assigned IPv6 and IPv4 addresses need checking. Is an IPv4 address assigned to the NIC?
@milesbarr, nice catch and thanks for the contribution. I just applied your changes to SLikeNet. It's available in the SVN and GitHub repositories (https://github.com/SLikeSoft/SLikeNet) and is expected to get shipped with SLikeNet 0.2.0 (internal case number: SLNET-202).
Since we did an unplanned release of SLikeNet, we decided to incorporate this pull request (aka: case SLNET-202) in SLikeNet 0.1.2 already which is available now on https://www.slikenet.com/ and on the GitHub project page: https://github.com/SLikeSoft/SLikeNet/releases/tag/v.0.1.2 .
The code sometimes copies an IPv4 address with the size of an IPv6 address.
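One way to make the copy discussed in this thread safe, as an added example that is not the pull request's code or part of RakNet/SLikeNet: the length comes from `ai_addrlen` and is checked against the address family, instead of a fixed `sizeof(sockaddr_in6)`. The function names and the `In6OrIn4` typedef are assumptions, and the headers are POSIX (Winsock declares the same calls in `<ws2tcpip.h>`).

```c
/* Added example, not RakNet/SLikeNet code; names here are assumptions. */
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Same members as the union quoted from RakNetTypes.h. */
typedef union {
    struct sockaddr_storage sa_stor;
    struct sockaddr_in6 addr6;
    struct sockaddr_in addr4;
} In6OrIn4;

/* Copy one getaddrinfo() entry using the length the resolver reported.
   Returns the number of bytes copied, or -1 if the entry is rejected. */
int copy_resolved_address(In6OrIn4 *dst, const struct addrinfo *aip)
{
    size_t expected;
    if (dst == NULL || aip == NULL || aip->ai_addr == NULL)
        return -1;
    if (aip->ai_family == AF_INET)
        expected = sizeof(struct sockaddr_in);
    else if (aip->ai_family == AF_INET6)
        expected = sizeof(struct sockaddr_in6);
    else
        return -1;                    /* family this code does not handle */
    if ((size_t)aip->ai_addrlen != expected || expected > sizeof(*dst))
        return -1;                    /* length disagrees with the family */
    memset(dst, 0, sizeof(*dst));     /* no stale bytes after a short copy */
    memcpy(dst, aip->ai_addr, expected);
    return (int)expected;
}

/* Resolve a numeric literal (no DNS lookup) with an unspecified family, as
   in the thread, and copy the first result. Returns bytes copied or -1. */
int resolve_numeric(const char *literal, In6OrIn4 *out)
{
    struct addrinfo hints, *res = NULL;
    int n;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;      /* IPv4 and IPv6 results both possible */
    hints.ai_socktype = SOCK_DGRAM;
    hints.ai_flags = AI_NUMERICHOST;
    if (getaddrinfo(literal, NULL, &hints, &res) != 0)
        return -1;
    n = copy_resolved_address(out, res);
    freeaddrinfo(res);
    return n;
}
```

With an unspecified family in the hints, an IPv4 entry copies `sizeof(sockaddr_in)` bytes and the remainder of the union stays zeroed, so nothing beyond the resolver's buffer is read.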