From 20c7fcfedf9866f9a6a091a809014ec7a48d9932 Mon Sep 17 00:00:00 2001
From: Idan Horowitz
Date: Wed, 27 Oct 2021 23:17:35 +0300
Subject: [PATCH] Kernel: Fix accidental memory over-read in getsockopt(IP_TTL)
We were accidentally casting the pointer to m_ttl from an u8* to an int* which resulted in copying of 3 extra unrelated bytes (which turned out to be padding in this case).
---
 Kernel/Net/IPv4Socket.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/Kernel/Net/IPv4Socket.cpp b/Kernel/Net/IPv4Socket.cpp
index 83b3d794f7..7d64a68f32 100644
--- a/Kernel/Net/IPv4Socket.cpp
+++ b/Kernel/Net/IPv4Socket.cpp
@@ -551,12 +551,14 @@ KResult IPv4Socket::getsockopt(OpenFileDescription& description, int level, int
 TRY(copy_from_user(&size, value_size.unsafe_userspace_ptr()));
 switch (option) {
- case IP_TTL:
+ case IP_TTL: {
 if (size < sizeof(int))
 return EINVAL;
- TRY(copy_to_user(static_ptr_cast(value), (int*)&m_ttl));
+ int ttl = m_ttl;
+ TRY(copy_to_user(static_ptr_cast(value), (int*)&ttl));
 size = sizeof(int);
 return copy_to_user(value_size, &size);
+ }
 case IP_MULTICAST_LOOP: {
 if (size < 1)
 return EINVAL;
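Review bot: The C-style cast kept in the new `copy_to_user` call is now redundant and worth dropping, because `ttl` is already an `int` and a cast of this kind is what allowed the `u8`-to-`int*` mismatch to compile in the first place; passing plain `&ttl` as the second argument lets the compiler reject a future type mismatch. A short comment above `int ttl = m_ttl;`, for example `// m_ttl is a u8; widen it so exactly sizeof(int) initialized bytes reach userspace`, would record why the temporary exists. The switch in getsockopt continues beyond this hunk (only the start of IP_MULTICAST_LOOP is visible), so the remaining option cases may deserve the same check that the number of bytes copied matches the type of the source object.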