|
From: | Valery Ushakov |
Subject: | [lwip-devel] [bug #39956] netif_create_ip6_linklocal_address out of bounds access of netif::hwaddr |
Date: | Thu, 05 Sep 2013 17:27:50 +0000 |
User-agent: | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 |
URL: <http://savannah.nongnu.org/bugs/?39956> Summary: netif_create_ip6_linklocal_address out of bounds access of netif::hwaddr Project: lwIP - A Lightweight TCP/IP stack Submitted by: uwe Submitted on: Thu 05 Sep 2013 05:27:49 PM GMT Category: None Severity: 3 - Normal Item Group: Faulty Behaviour Status: None Privacy: Public Assigned to: None Open/Closed: Open Discussion Lock: Any Planned Release: lwIP version: git head _______________________________________________________ Details: In the !from_mac_48bit case hwaddr is read in a loop from 0 to 7 as netif->hwaddr[netif->hwaddr_len - i - 1] and no check is done if hwaddr_len is large enough. NETIF_MAX_HWADDR_LEN is 6 by default, so the above loop reads from hwaddr out of bounds. _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?39956> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |