From 82b5c162c3d73da0a2c548b97b7f6189edfba2e7 Mon Sep 17 00:00:00 2001
From: bluhm <bluhm@openbsd.org>
Date: Sat, 27 Jan 2024 21:13:46 +0000
Subject: [PATCH] Declare address parameter in TCP SYN cache const.

tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr.
sa6_src may be &sa6_any which lives in read-only data section.
Better pass down the const addresses to syn_cache_lookup().  They
are needed for hash lookup and are not modified.

OK mvs@
---
 sys/netinet/tcp_input.c | 30 +++++++++++++++---------------
 sys/netinet/tcp_subr.c  |  6 +++---
 sys/netinet/tcp_var.h   |  4 ++--
 sys/netinet6/in6.h      |  8 +++++++-
 4 files changed, 27 insertions(+), 21 deletions(-)

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 87501282178..75aa39d2a8d 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_input.c,v 1.398 2024/01/11 13:49:49 bluhm Exp $	*/
+/*	$OpenBSD: tcp_input.c,v 1.399 2024/01/27 21:13:46 bluhm Exp $	*/
 /*	$NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $	*/
 
 /*
@@ -201,8 +201,8 @@ int	 syn_cache_add(struct sockaddr *, struct sockaddr *, struct tcphdr *,
 struct socket *syn_cache_get(struct sockaddr *, struct sockaddr *,
 		struct tcphdr *, unsigned int, unsigned int, struct socket *,
 		struct mbuf *, uint64_t);
-struct syn_cache *syn_cache_lookup(struct sockaddr *, struct sockaddr *,
-		struct syn_cache_head **, u_int);
+struct syn_cache *syn_cache_lookup(const struct sockaddr *,
+		const struct sockaddr *, struct syn_cache_head **, u_int);
 
 /*
  * Insert segment ti into reassembly queue of tcp with
@@ -3109,9 +3109,9 @@ struct mutex syn_cache_mtx = MUTEX_INITIALIZER(IPL_SOFTNET);
 #ifndef INET6
 #define	SYN_HASHALL(hash, src, dst, rand) \
 do {									\
-	hash = SYN_HASH(&satosin(src)->sin_addr,			\
-		satosin(src)->sin_port,					\
-		satosin(dst)->sin_port, (rand));			\
+	hash = SYN_HASH(&satosin_const(src)->sin_addr,			\
+		satosin_const(src)->sin_port,				\
+		satosin_const(dst)->sin_port, (rand));			\
 } while (/*CONSTCOND*/ 0)
 #else
 #define SYN_HASH6(sa, sp, dp, rand) \
@@ -3125,14 +3125,14 @@ do {									\
 do {									\
 	switch ((src)->sa_family) {					\
 	case AF_INET:							\
-		hash = SYN_HASH(&satosin(src)->sin_addr,		\
-			satosin(src)->sin_port,				\
-			satosin(dst)->sin_port, (rand));		\
+		hash = SYN_HASH(&satosin_const(src)->sin_addr,		\
+			satosin_const(src)->sin_port,			\
+			satosin_const(dst)->sin_port, (rand));		\
 		break;							\
 	case AF_INET6:							\
-		hash = SYN_HASH6(&satosin6(src)->sin6_addr,		\
-			satosin6(src)->sin6_port,			\
-			satosin6(dst)->sin6_port, (rand));		\
+		hash = SYN_HASH6(&satosin6_const(src)->sin6_addr,	\
+			satosin6_const(src)->sin6_port,			\
+			satosin6_const(dst)->sin6_port, (rand));	\
 		break;							\
 	default:							\
 		hash = 0;						\
@@ -3423,7 +3423,7 @@ syn_cache_cleanup(struct tcpcb *tp)
  * Find an entry in the syn cache.
  */
 struct syn_cache *
-syn_cache_lookup(struct sockaddr *src, struct sockaddr *dst,
+syn_cache_lookup(const struct sockaddr *src, const struct sockaddr *dst,
     struct syn_cache_head **headp, u_int rtableid)
 {
 	struct syn_cache_set *sets[2];
@@ -3709,8 +3709,8 @@ syn_cache_reset(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th,
 }
 
 void
-syn_cache_unreach(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th,
-    u_int rtableid)
+syn_cache_unreach(const struct sockaddr *src, const struct sockaddr *dst,
+    struct tcphdr *th, u_int rtableid)
 {
 	struct syn_cache *sc;
 	struct syn_cache_head *scp;
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 6d65aa84948..8b5982a018e 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_subr.c,v 1.195 2024/01/11 13:49:49 bluhm Exp $	*/
+/*	$OpenBSD: tcp_subr.c,v 1.196 2024/01/27 21:13:46 bluhm Exp $	*/
 /*	$NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $	*/
 
 /*
@@ -698,8 +698,8 @@ tcp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d)
 		} else if (inet6ctlerrmap[cmd] == EHOSTUNREACH ||
 		    inet6ctlerrmap[cmd] == ENETUNREACH ||
 		    inet6ctlerrmap[cmd] == EHOSTDOWN)
-			syn_cache_unreach((struct sockaddr *)sa6_src,
-			    sa, &th, rdomain);
+			syn_cache_unreach(sin6tosa_const(sa6_src), sa, &th,
+			    rdomain);
 		in_pcbunref(inp);
 	} else {
 		in6_pcbnotify(&tcbtable, sa6, 0,
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index 6f4950679e4..0c5263f2799 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_var.h,v 1.174 2024/01/11 13:49:49 bluhm Exp $	*/
+/*	$OpenBSD: tcp_var.h,v 1.175 2024/01/27 21:13:46 bluhm Exp $	*/
 /*	$NetBSD: tcp_var.h,v 1.17 1996/02/13 23:44:24 christos Exp $	*/
 
 /*
@@ -799,7 +799,7 @@ int	tcp_signature(struct tdb *, int, struct mbuf *, struct tcphdr *,
 #endif /* TCP_SIGNATURE */
 void     tcp_set_iss_tsm(struct tcpcb *);
 
-void	 syn_cache_unreach(struct sockaddr *, struct sockaddr *,
+void	 syn_cache_unreach(const struct sockaddr *, const struct sockaddr *,
 	   struct tcphdr *, u_int);
 void	 syn_cache_init(void);
 void	 syn_cache_cleanup(struct tcpcb *);
diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index 936ef6c9465..98384bfd352 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6.h,v 1.111 2023/11/28 13:23:20 bluhm Exp $	*/
+/*	$OpenBSD: in6.h,v 1.112 2024/01/27 21:13:46 bluhm Exp $	*/
 /*	$KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $	*/
 
 /*
@@ -459,6 +459,12 @@ sin6tosa(struct sockaddr_in6 *sin6)
 	return ((struct sockaddr *)(sin6));
 }
 
+static inline const struct sockaddr *
+sin6tosa_const(const struct sockaddr_in6 *sin6)
+{
+	return ((const struct sockaddr *)(sin6));
+}
+
 static inline struct in6_ifaddr *
 ifatoia6(struct ifaddr *ifa)
 {
-- 
2.20.1