NetBSD-Bugs archive


Re: bin/42923: pppd(8) catches SIGSEGV after IPv6CP link is up



A simpler patch is provided:

Index: src/usr.sbin/pppd/pppd/sys-bsd.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/pppd/pppd/sys-bsd.c,v
retrieving revision 1.62
diff -u -r1.62 sys-bsd.c
--- src/usr.sbin/pppd/pppd/sys-bsd.c    10 Mar 2010 13:45:39 -0000      1.62
+++ src/usr.sbin/pppd/pppd/sys-bsd.c    19 Feb 2011 21:36:45 -0000
@@ -793,7 +793,7 @@
     addreq6.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
     memset(&addreq6.ifra_prefixmask.sin6_addr, 0xff,
        sizeof(addreq6.ifra_prefixmask.sin6_addr) - sizeof(our_eui64));
-    memset(&addreq6.ifra_prefixmask.sin6_addr +
+    memset((char *)&addreq6.ifra_prefixmask.sin6_addr +
        sizeof(addreq6.ifra_prefixmask.sin6_addr) - sizeof(our_eui64), 0x00,
        sizeof(our_eui64));
 
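Review bot: The `(char *)` cast on the second memset() corrects the scaling, but the byte offset `sizeof(addreq6.ifra_prefixmask.sin6_addr) - sizeof(our_eui64)` is still written out twice, once as the length of the 0xff fill and once as the start of the 0x00 fill, and the two copies have to stay in agreement. Consider computing it once into a local size_t and addressing the bytes through `sin6_addr.s6_addr`, which is a byte array, so no cast is needed and a later edit cannot reintroduce typed pointer arithmetic. A one-line comment saying the trailing sizeof(our_eui64) bytes are the part being zeroed would also make the intent of the two fills obvious.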

The pointer passed to memset() should be advanced 8 bytes,
but the original code advances sizeof(struct in6_addr) * 8 bytes.
This may cause stack breakage.

--
Takahiro HAYASHI
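
The pointer-scaling difference described in the message, as an added example that is not part of the original post or of pppd: it measures how far `p + 8` moves for a `struct in6_addr *` versus a `char *`, then builds the same /64 mask through `s6_addr` with guard bytes on both sides. `EUI64_LEN`, the function names and the guard layout are assumptions made for this example.

```c
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EUI64_LEN 8 /* assumed: sizeof(our_eui64), 8 bytes per the message */

/* Bytes covered by "p + n" when p points to struct in6_addr (the unpatched
 * form). The pool keeps the computed pointer in bounds for n <= 16. */
static size_t typed_advance(size_t n)
{
    static struct in6_addr pool[16];
    struct in6_addr *p = pool;
    return (size_t)((char *)(p + n) - (char *)p);
}

/* Bytes covered by "p + n" after the cast to char * (the patched form). */
static size_t byte_advance(size_t n)
{
    static struct in6_addr pool[16];
    char *p = (char *)pool;
    return (size_t)((p + n) - p);
}

/* Build the /64 prefix mask through s6_addr, whose element type is one byte,
 * so the offset needs no cast. Returns 1 if the guard bytes on both sides of
 * the address are untouched, 0 otherwise. */
static int build_prefixmask(struct in6_addr *out)
{
    struct { unsigned char pre[8]; struct in6_addr a; unsigned char post[8]; } g;
    size_t i, head = sizeof(g.a.s6_addr) - EUI64_LEN;

    memset(&g, 0xAA, sizeof(g));                 /* guard pattern */
    memset(g.a.s6_addr, 0xff, head);             /* leading half: all ones */
    memset(g.a.s6_addr + head, 0x00, EUI64_LEN); /* trailing half: zero */
    *out = g.a;
    for (i = 0; i < 8; i++)
        if (g.pre[i] != 0xAA || g.post[i] != 0xAA)
            return 0;
    return 1;
}

int main(void)
{
    struct in6_addr m;
    int ok = build_prefixmask(&m);
    printf("typed: %zu bytes, char *: %zu bytes, guards intact: %d\n",
           typed_advance(EUI64_LEN), byte_advance(EUI64_LEN), ok);
    return 0;
}
```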


