MFstable/10 r301803:

MFC r299507:
r299507 (by cem):

rtadvd(8): Fix a typo in full msg receive logic

Check against the size of the struct, not the pointer. Previously, a message
with a cm_len between 9 and 23 (inclusive) could cause int msglen to underflow
and read(2) to be invoked with msglen size (implicitly cast to signed),
overrunning the caller-provided buffer.

All users of cm_recv() supply a stack buffer.

On the other hand, the rtadvd control socket appears to only be writable by the
owner, who is probably root.

While here, correct some types to be size_t or ssize_t.

CID: 1008477
Security: unix socket remotes may overflow stack in rtadvd