Unbreak route6d.

Instead of breaking sendmsg(2) by adding unneeded space to its cmsg
item, add space to the cmsg used by recvmsg(2), where it will be used
to get the incoming packet hop limit.

Reported by several over the last years, and more recently by 'bsdsx',
who tested it against NetBSD route6d.  Also works against Quagga ripng.

ok deraadt@ sthen@

diff --git a/usr.sbin/route6d/route6d.c b/usr.sbin/route6d/route6d.c
index 53e2f4c..27155d2 100644 (file)
--- a/usr.sbin/route6d/route6d.c
+++ b/usr.sbin/route6d/route6d.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: route6d.c,v 1.67 2015/09/11 20:14:58 mpi Exp $        */
+/*     $OpenBSD: route6d.c,v 1.68 2015/10/16 20:43:27 jca Exp $        */
 /*     $KAME: route6d.c,v 1.111 2006/10/25 06:38:13 jinmei Exp $       */
 
 /*
@@ -922,8 +922,7 @@ sendpacket(struct sockaddr_in6 *sin6, int len)
        struct iovec iov[2];
        union {
                struct cmsghdr hdr;
-               u_char buf[CMSG_SPACE(sizeof(struct in6_pktinfo)) +
-                   CMSG_SPACE(sizeof(int))];
+               u_char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
        } cmsgbuf;
        struct in6_pktinfo *pi;
        int idx;
@@ -994,7 +993,8 @@ riprecv(void)
        struct iovec iov[2];
        union {
                struct cmsghdr hdr;
-               u_char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+               u_char buf[CMSG_SPACE(sizeof(struct in6_pktinfo)) +
+                   CMSG_SPACE(sizeof(int))];
        } cmsgbuf;
        struct in6_pktinfo *pi = NULL;
        int *hlimp = NULL;