|
| From: | Valery Ushakov |
| Subject: | [lwip-devel] [bug #39956] netif_create_ip6_linklocal_address out of bounds access of netif::hwaddr |
| Date: | Thu, 05 Sep 2013 17:27:50 +0000 |
| User-agent: | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 |
URL:
<http://savannah.nongnu.org/bugs/?39956>
Summary: netif_create_ip6_linklocal_address out of bounds
access of netif::hwaddr
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: uwe
Submitted on: Thu 05 Sep 2013 05:27:49 PM GMT
Category: None
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release:
lwIP version: git head
_______________________________________________________
Details:
In the !from_mac_48bit case hwaddr is read in a loop from 0 to 7 as
netif->hwaddr[netif->hwaddr_len - i - 1] and no check is done if hwaddr_len is
large enough.
NETIF_MAX_HWADDR_LEN is 6 by default, so the above loop reads from hwaddr out
of bounds.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?39956>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |