| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Aug 2021 10:59:30 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: "Fabio M. De Francesco" <fmdefrancesco@...il.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Larry Finger <Larry.Finger@...inger.net>,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: r8188eu: Fix different base types in
assignments and parameters
On Fri, Jul 30, 2021 at 08:14:52PM +0200, Fabio M. De Francesco wrote:
> static inline void __nat25_generate_ipx_network_addr_with_socket(unsigned char *networkAddr,
> - unsigned int *ipxNetAddr, unsigned short *ipxSocketAddr)
> + __be32 *ipxNetAddr, __be16 *ipxSocketAddr)
> {
> + union {
> + unsigned int f0;
> + unsigned char f1[4];
> + } addr;
> +
> memset(networkAddr, 0, MAX_NETWORK_ADDR_LEN);
>
> networkAddr[0] = NAT25_IPX;
> - memcpy(networkAddr+1, (unsigned char *)ipxNetAddr, 4);
> - memcpy(networkAddr+5, (unsigned char *)ipxSocketAddr, 2);
> + addr.f0 = be32_to_cpu(*ipxNetAddr);
> + memcpy(networkAddr+1, addr.f1, 4);
> + addr.f0 ^= addr.f0;
> + addr.f0 = be16_to_cpu(*ipxSocketAddr);
> + memcpy(networkAddr+5, addr.f1, 2);
Here is another bug which was obscured/caused by the union.
addr.f0 = be16_to_cpu(*ipxSocketAddr);
The addr.f0 variable is an int. On big endian systems only the last two
bytes are set:
memcpy(networkAddr+5, addr.f1, 2);
So this is the equivalent of:
memset(networkAddr+5, 0, 2);
regards,
dan carpenter
Powered by blists - more mailing lists