NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: bin/42923: pppd(8) catches SIGSEGV after IPv6CP link is up
The following reply was made to PR bin/42923; it has been noted by GNATS.
From: Takahiro HAYASHI <hash%abox3.so-net.ne.jp@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/42923: pppd(8) catches SIGSEGV after IPv6CP link is up
Date: Tue, 01 Mar 2011 14:01:50 +0900
Simpler patch is provided:
Index: src/usr.sbin/pppd/pppd/sys-bsd.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/pppd/pppd/sys-bsd.c,v
retrieving revision 1.62
diff -u -r1.62 sys-bsd.c
--- src/usr.sbin/pppd/pppd/sys-bsd.c 10 Mar 2010 13:45:39 -0000 1.62
+++ src/usr.sbin/pppd/pppd/sys-bsd.c 19 Feb 2011 21:36:45 -0000
@@ -793,7 +793,7 @@
addreq6.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
memset(&addreq6.ifra_prefixmask.sin6_addr, 0xff,
sizeof(addreq6.ifra_prefixmask.sin6_addr) - sizeof(our_eui64));
- memset(&addreq6.ifra_prefixmask.sin6_addr +
+ memset((char *)&addreq6.ifra_prefixmask.sin6_addr +
sizeof(addreq6.ifra_prefixmask.sin6_addr) - sizeof(our_eui64), 0x00,
sizeof(our_eui64));
The pointer passed to memset() should be advanced 8 bytes,
but the original code advances sizeof(struct in6_addr) * 8 bytes.
This may cause stack breakage.
--
Takahiro HAYASHI
Home |
Main Index |
Thread Index |
Old Index