[PATCH] mausezahn: Fix IPv6 address comparison
18 views
Skip to first unread message
Petr Machata
May 14, 2018, 6:08:56 PM5/14/18
to netsn...@googlegroups.com
CMP_INT evaluates its arguments more than once, and thus passing a
post-incremented pointer as an argument causes double increments and
hence buffer overruns. This can be observed by erratic behavior of IPv6
address ranges. Fix by moving the increment to loop header.
Signed-off-by: Petr Machata <pe...@mellanox.com>
---
staging/tools.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/staging/tools.c b/staging/tools.c
index 9d2d1be..72445b6 100644
--- a/staging/tools.c
+++ b/staging/tools.c
@@ -233,8 +233,8 @@ int in6_addr_cmp(struct libnet_in6_addr addr1,
*p2 = addr2.__u6_addr.__u6_addr32;
int i, val = 0;
- for (i = 0; i < 4; i++) {
- val = CMP_INT(ntohl(*p1++), ntohl(*p2++));
+ for (i = 0; i < 4; i++, p1++, p2++) {
+ val = CMP_INT(ntohl(*p1), ntohl(*p2));
if (val) {
break;
}
--
2.4.11
post-incremented pointer as an argument causes double increments and
hence buffer overruns. This can be observed by erratic behavior of IPv6
address ranges. Fix by moving the increment to loop header.
Signed-off-by: Petr Machata <pe...@mellanox.com>
---
staging/tools.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/staging/tools.c b/staging/tools.c
index 9d2d1be..72445b6 100644
--- a/staging/tools.c
+++ b/staging/tools.c
@@ -233,8 +233,8 @@ int in6_addr_cmp(struct libnet_in6_addr addr1,
*p2 = addr2.__u6_addr.__u6_addr32;
int i, val = 0;
- for (i = 0; i < 4; i++) {
- val = CMP_INT(ntohl(*p1++), ntohl(*p2++));
+ for (i = 0; i < 4; i++, p1++, p2++) {
+ val = CMP_INT(ntohl(*p1), ntohl(*p2));
if (val) {
break;
}
--
2.4.11
Tobias Klauser
May 15, 2018, 3:08:27 AM5/15/18
to Petr Machata, netsn...@googlegroups.com
On 2018-05-14 at 23:59:59 +0200, Petr Machata <pe...@mellanox.com> wrote:
> CMP_INT evaluates its arguments more than once, and thus passing a
> post-incremented pointer as an argument causes double increments and
> hence buffer overruns. This can be observed by erratic behavior of IPv6
> address ranges. Fix by moving the increment to loop header.
>
> Signed-off-by: Petr Machata <pe...@mellanox.com>
Applied, thank you!
> CMP_INT evaluates its arguments more than once, and thus passing a
> post-incremented pointer as an argument causes double increments and
> hence buffer overruns. This can be observed by erratic behavior of IPv6
> address ranges. Fix by moving the increment to loop header.
>
> Signed-off-by: Petr Machata <pe...@mellanox.com>
Reply all
Reply to author
Forward
0 new messages