[PATCH 1/1] net: don't memcpy to NULL

In ndisc_receive() 7 bytes are copied from a buffer of size 6 to NULL.
net_nd_packet_mac is a pointer. If it is NULL, we should set it to the address of the buffer with the MAC address.
Addresses-Coverity-ID: 430974 ("Out-of-bounds access")
Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol (NDP)")
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
---
net/ndisc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ndisc.c b/net/ndisc.c index 3c0eeeaea3..367dae7676 100644 --- a/net/ndisc.c +++ b/net/ndisc.c @@ -265,7 +265,7 @@ int ndisc_receive(struct ethernet_hdr *et, struct ip6_hdr *ip6, int len)
/* save address for later use */ if (!net_nd_packet_mac) - memcpy(net_nd_packet_mac, neigh_eth_addr, 7); + net_nd_packet_mac = neigh_eth_addr;
/* modify header, and transmit it */ memcpy(((struct ethernet_hdr *)net_nd_tx_packet)->et_dest,
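Review bot: the added line `net_nd_packet_mac = neigh_eth_addr;` stores a pointer to the MAC buffer instead of a copy of its contents, and the comment directly above says the address is saved "for later use", so the fix is only correct if neigh_eth_addr outlives this call to ndisc_receive(). The hunk context does not show where neigh_eth_addr is declared. If it is a local array, or points into the received packet, net_nd_packet_mac is left dangling once the function returns or the receive buffer is reused, which replaces the NULL write with a stale read. Please state the storage duration of neigh_eth_addr in the commit message. If it is not static, copy exactly 6 bytes into a static buffer and point net_nd_packet_mac at that buffer. Separately, the removed memcpy used a literal 7 for a 6-byte address; any copy that remains in this path should take its length from the buffer size or an existing address-length constant rather than a bare number.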

On Wed, Dec 7, 2022 at 6:53 PM Heinrich Schuchardt heinrich.schuchardt@canonical.com wrote:
In ndisc_receive() 7 bytes are copied from a buffer of size 6 to NULL.
net_nd_packet_mac is a pointer. If it is NULL, we should set it to the address of the buffer with the MAC address.
Addresses-Coverity-ID: 430974 ("Out-of-bounds access")
Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol (NDP)")
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
net/ndisc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Bin Meng bmeng.cn@gmail.com

On Wed, 2022-12-07 at 11:53 +0100, Heinrich Schuchardt wrote:
In ndisc_receive() 7 bytes are copied from a buffer of size 6 to NULL.
net_nd_packet_mac is a pointer. If it is NULL, we should set it to the address of the buffer with the MAC address.
Addresses-Coverity-ID: 430974 ("Out-of-bounds access")
Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol (NDP)")
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
net/ndisc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ndisc.c b/net/ndisc.c index 3c0eeeaea3..367dae7676 100644 --- a/net/ndisc.c +++ b/net/ndisc.c @@ -265,7 +265,7 @@ int ndisc_receive(struct ethernet_hdr *et, struct ip6_hdr *ip6, int len)
/* save address for later use */ if (!net_nd_packet_mac)
memcpy(net_nd_packet_mac,
neigh_eth_addr, 7);
net_nd_packet_mac = neigh_eth_addr; /* modify header, and transmit it */ memcpy(((struct ethernet_hdr
*)net_nd_tx_packet)->et_dest,
2.37.2
Reviewed-by: Viacheslav Mitrofanov v.v.mitrofanov@yadro.com

On Wed, Dec 07, 2022 at 11:53:29AM +0100, Heinrich Schuchardt wrote:
In ndisc_receive() 7 bytes are copied from a buffer of size 6 to NULL.
net_nd_packet_mac is a pointer. If it is NULL, we should set it to the address of the buffer with the MAC address.
Addresses-Coverity-ID: 430974 ("Out-of-bounds access")
Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol (NDP)")
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
Reviewed-by: Bin Meng bmeng.cn@gmail.com
Reviewed-by: Viacheslav Mitrofanov v.v.mitrofanov@yadro.com
Applied to u-boot/master, thanks!
participants (4)
- Bin Meng
- Heinrich Schuchardt
- Tom Rini
- Vyacheslav Mitrofanov V