slirp: don't zero the whole ti_i when m == NULL

98c63057d2144fb81681580cd84c13c93794c96e ('slirp: Factorizing
tcpiphdr structure with an union') introduced a memset call to clear
possibly-undefined fields in ti. This however overwrites src/dst/pr which
are used below.

So let us clear only the unused fields.

This should fix some rare cases (some RST cases, keep alive probes)
where packets would be sent to 0.0.0.0.

Signed-off-by: Tao Wu <lepton@google.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index dc8b4bbb50e48174d0019629298f7609c53adbe0..da0d53743f55d2b9f90365a416e4efac10be9693 100644 (file)
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -148,7 +148,16 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct mbuf *m,
                m->m_data += IF_MAXLINKHDR;
                *mtod(m, struct tcpiphdr *) = *ti;
                ti = mtod(m, struct tcpiphdr *);
-               memset(&ti->ti, 0, sizeof(ti->ti));
+               switch (af) {
+               case AF_INET:
+                   ti->ti.ti_i4.ih_x1 = 0;
+                   break;
+               case AF_INET6:
+                   ti->ti.ti_i6.ih_x1 = 0;
+                   break;
+               default:
+                   g_assert_not_reached();
+               }
                flags = TH_ACK;
        } else {
                /*