Add padding to struct sadb_x_counter to make it comply with

alignment constraints documented in RFC 2367 section 2.2.
Fixes 'ipsecctl -ss' segfault observed on i386.
with and ok deraadt@ visa@ mikeb@

2 files changed, 4 insertions, 2 deletions

diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 7c5d9a62eaf..9c31163e95e 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.80 2018/08/28 15:15:02 mpi Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.81 2019/03/04 08:42:12 stsp Exp $ */
 /*
  *	@(#)COPYRIGHT	1.1 (NRL) January 1998
  *
@@ -221,6 +221,7 @@ struct sadb_x_tap {
 struct sadb_x_counter {
 	uint16_t  sadb_x_counter_len;
 	uint16_t  sadb_x_counter_exttype;
+	uint32_t  sadb_x_counter_pad;
 	uint64_t  sadb_x_counter_ipackets;	/* Input IPsec packets */
 	uint64_t  sadb_x_counter_opackets;	/* Output IPsec packets */
 	uint64_t  sadb_x_counter_ibytes;	/* Input bytes */
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 732a39d7004..c72bc152fa8 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfkeyv2_convert.c,v 1.65 2019/01/13 14:31:55 mpi Exp $	*/
+/*	$OpenBSD: pfkeyv2_convert.c,v 1.66 2019/03/04 08:42:12 stsp Exp $	*/
 /*
  * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
  *
@@ -906,6 +906,7 @@ export_counter(void **p, struct tdb *tdb)
 
 	scnt->sadb_x_counter_len = sizeof(struct sadb_x_counter) /
 	    sizeof(uint64_t);
+	scnt->sadb_x_counter_pad = 0;
 	scnt->sadb_x_counter_ipackets = tdb->tdb_ipackets;
 	scnt->sadb_x_counter_opackets = tdb->tdb_opackets;
 	scnt->sadb_x_counter_ibytes = tdb->tdb_ibytes;