xnu-4570.51.1.tar.gz

[apple/xnu.git] / bsd / net / necp.c

diff --git a/bsd/net/necp.c b/bsd/net/necp.c
index 22f5afbd54c1df59704e11c1ec6b04e71cdadd3a..1e6a5dcd2a280bd114f814285e6dc1c27f91989d 100644 (file)
--- a/bsd/net/necp.c
+++ b/bsd/net/necp.c
@@ -6539,8 +6539,20 @@ necp_application_find_policy_match_internal(proc_t proc,
                                is_local = TRUE;
                        } else if (returned_result->routed_interface_index != 0 &&
                                !no_remote_addr) {
+                               // Clean up the address before comparison with interface addresses
+
+                               // Transform remote_addr into the ifaddr form
+                               // IPv6 Scope IDs are always embedded in the ifaddr list
+                               struct sockaddr_storage remote_address_sanitized;
+                               u_int ifscope = IFSCOPE_NONE;
+                               (void)sa_copy(&remote_addr.sa, &remote_address_sanitized, &ifscope);
+                               SIN(&remote_address_sanitized)->sin_port = 0;
+                               if (remote_address_sanitized.ss_family == AF_INET6) {
+                                       SIN6(&remote_address_sanitized)->sin6_scope_id = 0;
+                               }
+
                                // Check if remote address is an interface address
-                               struct ifaddr *ifa = ifa_ifwithaddr(&remote_addr.sa);
+                               struct ifaddr *ifa = ifa_ifwithaddr((struct sockaddr *)&remote_address_sanitized);
                                if (ifa != NULL && ifa->ifa_ifp != NULL) {
                                        u_int if_index_for_remote_addr = ifa->ifa_ifp->if_index;
                                        if (if_index_for_remote_addr == returned_result->routed_interface_index ||