in input, clear the address union before putting an ipv4 address in it.

the whole vxlan address is used for lookups in the RB tree, so any
garbage on the stack where the address sits could confuse the lookup.
it looks like i was lucky before, but if you receive vxlan over
ipsec you are less lucky.

found by and fix tested by jason tubnor.

diff --git a/sys/net/if_vxlan.c b/sys/net/if_vxlan.c
index e6687e9..c8d3bc4 100644 (file)
--- a/sys/net/if_vxlan.c
+++ b/sys/net/if_vxlan.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_vxlan.c,v 1.88 2022/02/18 03:22:27 dlg Exp $ */
+/*     $OpenBSD: if_vxlan.c,v 1.89 2022/02/21 05:19:07 dlg Exp $ */
 
 /*
  * Copyright (c) 2021 David Gwynne <dlg@openbsd.org>
@@ -633,6 +633,7 @@ vxlan_input(void *arg, struct mbuf *m, struct ip *ip, struct ip6_hdr *ip6,
        port = uh->uh_sport;
 
        if (ip != NULL) {
+               memset(&addr, 0, sizeof(addr));
                addr.in4 = ip->ip_src;
                tos = ip->ip_tos;
        }