Try to fix a bug introduced in r228623. We started to copy the ifa_msghdr

as otherwise platforms with strict alignment would break.  It's unclear
to me if there's also a problem with access to the address list following
the structure.  However we never copied the address list after the structure
and thus are pointing at random memory.  For now just use a pointer to the
original memory for accessing the address list making it at least work on
platforms with weak memory access.

PR:			195445
Reported by:		wolfgang lyxys.ka.sub.org
Tested by:		wolfgang lyxys.ka.sub.org (x86)
MFC after:		3 days

1 files changed, 7 insertions, 5 deletions

diff --git a/contrib/bsnmp/snmp_mibII/mibII.c b/contrib/bsnmp/snmp_mibII/mibII.c
index b62ee66..9079d1d 100644
--- a/contrib/bsnmp/snmp_mibII/mibII.c
+++ b/contrib/bsnmp/snmp_mibII/mibII.c
@@ -982,7 +982,7 @@ handle_rtmsg(struct rt_msghdr *rtm)
 {
 	struct sockaddr *addrs[RTAX_MAX];
 	struct if_msghdr *ifm;
-	struct ifa_msghdr ifam;
+	struct ifa_msghdr ifam, *ifamp;
 	struct ifma_msghdr *ifmam;
 #ifdef RTM_IFANNOUNCE
 	struct if_announcemsghdr *ifan;
@@ -1002,8 +1002,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
 	switch (rtm->rtm_type) {
 
 	  case RTM_NEWADDR:
-		memcpy(&ifam, rtm, sizeof(ifam));
-		mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
+		ifamp = (struct ifa_msghdr *)rtm;
+		memcpy(&ifam, ifamp, sizeof(ifam));
+		mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
 		if (addrs[RTAX_IFA] == NULL || addrs[RTAX_NETMASK] == NULL)
 			break;
 
@@ -1029,8 +1030,9 @@ handle_rtmsg(struct rt_msghdr *rtm)
 		break;
 
 	  case RTM_DELADDR:
-		memcpy(&ifam, rtm, sizeof(ifam));
-		mib_extract_addrs(ifam.ifam_addrs, (u_char *)(&ifam + 1), addrs);
+		ifamp = (struct ifa_msghdr *)rtm;
+		memcpy(&ifam, ifamp, sizeof(ifam));
+		mib_extract_addrs(ifam.ifam_addrs, (u_char *)(ifamp + 1), addrs);
 		if (addrs[RTAX_IFA] == NULL)
 			break;