From 4b64d01d9d805a2cea9ec13e172e5c6a8f84b20d Mon Sep 17 00:00:00 2001
From: christos <christos@NetBSD.org>
Date: Sat, 6 Nov 2010 17:17:13 +0000
Subject: [PATCH] PR/44054: Onno van der Linden: Stacksmashing in handling of
 ioctl OOSIO* parameter.

---
 sys/net/if.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/sys/net/if.c b/sys/net/if.c
index 8f98043b6353..eaa8cacb3af6 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.246 2010/11/02 22:34:21 christos Exp $	*/
+/*	$NetBSD: if.c,v 1.247 2010/11/06 17:17:13 christos Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.246 2010/11/02 22:34:21 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.247 2010/11/06 17:17:13 christos Exp $");
 
 #include "opt_inet.h"
 
@@ -1916,19 +1916,33 @@ ifconf(u_long cmd, void *data)
 }
 
 int
-ifreq_setaddr(const u_long cmd, struct ifreq *ifr, const struct sockaddr *sa)
+ifreq_setaddr(u_long cmd, struct ifreq *ifr, const struct sockaddr *sa)
 {
 	uint8_t len;
-	u_long ncmd;
-
-	if ((ncmd = compat_cvtcmd(cmd)) != cmd)
-		len = sizeof(ifr->ifr_addr);
-	else
+#ifdef COMPAT_OIFREQ
+	struct ifreq ifrb;
+	struct oifreq *oifr = NULL;
+	u_long ocmd = cmd;
+	cmd = compat_cvtcmd(cmd);
+	if (cmd != ocmd) {
+		oifr = (struct oifreq *)(void *)ifr;
+		ifr = &ifrb;
+		ifreqo2n(oifr, ifr);
+		len = sizeof(oifr->ifr_addr);
+	} else
+#endif
 		len = sizeof(ifr->ifr_ifru.ifru_space);
+
 	if (len < sa->sa_len)
 		return EFBIG;
+
 	memset(&ifr->ifr_addr, 0, len);
 	sockaddr_copy(&ifr->ifr_addr, len, sa);
+
+#ifdef COMPAT_OIFREQ
+	if (cmd != ocmd)
+		ifreqn2o(oifr, ifr);
+#endif
 	return 0;
 }