From b60bba339ee9fc5fde5586356620f4cd96dada8a Mon Sep 17 00:00:00 2001
From: chenwei
Date: Fri, 2 Feb 2018 17:58:17 +0800
Subject: [PATCH] API : ff_sendmsg, use transient variables to avoid polluting user's data.
---
 lib/ff_syscall_wrapper.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/lib/ff_syscall_wrapper.c b/lib/ff_syscall_wrapper.c
index b071d799..3e1e484d 100644
--- a/lib/ff_syscall_wrapper.c
+++ b/lib/ff_syscall_wrapper.c
@@ -609,13 +609,20 @@ ssize_t
 ff_sendmsg(int s, const struct msghdr *msg, int flags)
 {
 int rc;
+ struct sockaddr freebsd_sa;
+ void *linux_sa = msg->msg_name;
 
- if (msg->msg_name != NULL) {
- linux2freebsd_sockaddr(msg->msg_name,
- sizeof(struct linux_sockaddr), msg->msg_name);
+ if (linux_sa != NULL) {
+ linux2freebsd_sockaddr(linux_sa,
+ sizeof(struct linux_sockaddr), &freebsd_sa);
+ __DECONST(struct msghdr *, msg)->msg_name = &freebsd_sa;
 }
 
- if ((rc = sendit(curthread, s, __DECONST(struct msghdr *, msg), flags)))
+ rc = sendit(curthread, s, __DECONST(struct msghdr *, msg), flags);
+
+ __DECONST(struct msghdr *, msg)->msg_name = linux_sa;
+
+ if (rc)
 goto kern_fail;
 
 return (rc);
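Review bot: `freebsd_sa` is a plain `struct sockaddr` and the conversion length is still the fixed `sizeof(struct linux_sockaddr)`, while `msg_namelen` reaches `sendit` unchanged. For a destination longer than that (an IPv6 address, for example) `sendit` would presumably read past the stack temporary, whereas the old in-place conversion at least left the tail in the caller's buffer. The new code also still writes through the `const` msghdr with `__DECONST` and restores it afterwards, which is visible to any other thread sharing that msghdr and is undefined if the object really is const. A private copy of the msghdr plus a `struct sockaddr_storage` temporary, with `msg_namelen` bounded before conversion, removes both problems and the restore step. This assumes `linux2freebsd_sockaddr` converts exactly the length it is given, which is not visible here, and the function continues past the hunk (the `kern_fail` label is outside it).

```c
ff_sendmsg(int s, const struct msghdr *msg, int flags)
{
    int rc;
    struct sockaddr_storage freebsd_sa;
    /* Private copy: the caller's msghdr is never written, so no restore is needed. */
    struct msghdr freebsd_msg = *msg;

    if (msg->msg_name != NULL) {
        /* Reject names that would not fit the temporary. */
        if (msg->msg_namelen > sizeof(freebsd_sa)) {
            rc = EINVAL;
            goto kern_fail;
        }
        /* Assumes linux2freebsd_sockaddr converts exactly the length given -- confirm. */
        linux2freebsd_sockaddr(msg->msg_name, msg->msg_namelen,
            (struct sockaddr *)&freebsd_sa);
        freebsd_msg.msg_name = &freebsd_sa;
    }

    rc = sendit(curthread, s, &freebsd_msg, flags);
    if (rc)
        goto kern_fail;
    /* … unchanged: return and kern_fail path … */
```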