[1/1] net: don't memcpy to NULL

Message ID	20221207105329.28271-1-heinrich.schuchardt@canonical.com
State	Accepted
Commit	56e3b1470333eb9294a5ae5f58515377aa546aae
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> To: Joe Hershberger <joe.hershberger@ni.com>, Ramon Fried <rfried.dev@gmail.com> Cc: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>, Simon Glass <sjg@chromium.org>, u-boot@lists.denx.de, Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Subject: [PATCH 1/1] net: don't memcpy to NULL Date: Wed, 7 Dec 2022 11:53:29 +0100 Message-Id: <20221207105329.28271-1-heinrich.schuchardt@canonical.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	[1/1] net: don't memcpy to NULL \| expand [1/1] net: don't memcpy to NULL

Message ID

20221207105329.28271-1-heinrich.schuchardt@canonical.com

State

Accepted

Commit

56e3b1470333eb9294a5ae5f58515377aa546aae

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=85.214.62.61; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=canonical.com header.i=@canonical.com
 header.a=rsa-sha256 header.s=20210705 header.b=uJMOVfFZ;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4NRvKT3wHfz23yq
	for <incoming@patchwork.ozlabs.org>; Wed,  7 Dec 2022 21:53:47 +1100 (AEDT)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 24C39853BD;
	Wed,  7 Dec 2022 11:53:41 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=canonical.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key;
 unprotected) header.d=canonical.com header.i=@canonical.com
 header.b="uJMOVfFZ";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id B1E31852E2; Wed,  7 Dec 2022 11:53:39 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,
 SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
Received: from smtp-relay-canonical-0.canonical.com
 (smtp-relay-canonical-0.canonical.com [185.125.188.120])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 85CEE851C1
 for <u-boot@lists.denx.de>; Wed,  7 Dec 2022 11:53:37 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=canonical.com
Authentication-Results: phobos.denx.de; spf=pass
 smtp.mailfrom=heinrich.schuchardt@canonical.com
Received: from LT2ubnt.fritz.box (ip-088-152-145-137.um26.pools.vodafone-ip.de
 [88.152.145.137])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id CB54F4240B;
 Wed,  7 Dec 2022 10:53:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1670410417;
 bh=IjuR+Bg2rOfdw5R42SXj9VJq1pXbmoAhf2JjjQK/KqM=;
 h=From:To:Cc:Subject:Date:Message-Id:MIME-Version;
 b=uJMOVfFZGhyuarRQ7QAOpJGD9nxMI673Cr4bJ0tQgJZmx5qTWWZ3pK6sGxgap8HQc
 4cyu9s4LozyBcWJwZ63F+6qbzwyGaexMxHGe0tX9ceGiIpnCLzUawjUPmhuPgAy6i2
 Eb03xD90enDCDtqgCb+G1LdRvi88quKKXYjlD+ocCQM1WazJFYEEvDZ8rT28NX7PKH
 l97EDQXj6zHCIFImgNJm/vsLWQN2EOvILxfj3GZuIjrKCd9FKVymARB5hJwCqTfwPa
 8wI2czapZaOUlnqzJLoHSjbkf2OOVzCs+jiwHqycdUPK4CZpOgAhwCynECDpwMwd7l
 +bMZB+uETvmIA==
From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
To: Joe Hershberger <joe.hershberger@ni.com>,
 Ramon Fried <rfried.dev@gmail.com>
Cc: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>,
 Simon Glass <sjg@chromium.org>, u-boot@lists.denx.de,
 Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Subject: [PATCH 1/1] net: don't memcpy to NULL
Date: Wed,  7 Dec 2022 11:53:29 +0100
Message-Id: <20221207105329.28271-1-heinrich.schuchardt@canonical.com>
X-Mailer: git-send-email 2.37.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

Series

[1/1] net: don't memcpy to NULL | expand

Commit Message

Heinrich Schuchardt Dec. 7, 2022, 10:53 a.m. UTC

In ndisc_receive() 7 bytes are copied from a buffer of size 6 to NULL.

net_nd_packet_mac is a pointer. If it is NULL, we should set it to the
address of the buffer with the MAC address.

Addresses-Coverity-ID: 430974 ("Out-of-bounds access")
Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol (NDP)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
---
 net/ndisc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Bin Meng Dec. 7, 2022, 11:03 a.m. UTC | #1

On Wed, Dec 7, 2022 at 6:53 PM Heinrich Schuchardt
<heinrich.schuchardt@canonical.com> wrote:
>
> In ndisc_receive() 7 bytes are copied from a buffer of size 6 to NULL.
>
> net_nd_packet_mac is a pointer. If it is NULL, we should set it to the
> address of the buffer with the MAC address.
>
> Addresses-Coverity-ID: 430974 ("Out-of-bounds access")
> Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol (NDP)")
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
> ---
>  net/ndisc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

Vyacheslav V. Mitrofanov Dec. 7, 2022, 11:19 a.m. UTC | #2

On Wed, 2022-12-07 at 11:53 +0100, Heinrich Schuchardt wrote:
> «Внимание! Данное письмо от внешнего адресата!»
> 
> In ndisc_receive() 7 bytes are copied from a buffer of size 6 to
> NULL.
> 
> net_nd_packet_mac is a pointer. If it is NULL, we should set it to
> the
> address of the buffer with the MAC address.
> 
> Addresses-Coverity-ID: 430974 ("Out-of-bounds access")
> Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol
> (NDP)")
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com
> >
> ---
>  net/ndisc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ndisc.c b/net/ndisc.c
> index 3c0eeeaea3..367dae7676 100644
> --- a/net/ndisc.c
> +++ b/net/ndisc.c
> @@ -265,7 +265,7 @@ int ndisc_receive(struct ethernet_hdr *et, struct
> ip6_hdr *ip6, int len)
> 
>                         /* save address for later use */
>                         if (!net_nd_packet_mac)
> -                               memcpy(net_nd_packet_mac,
> neigh_eth_addr, 7);
> +                               net_nd_packet_mac = neigh_eth_addr;
> 
>                         /* modify header, and transmit it */
>                         memcpy(((struct ethernet_hdr
> *)net_nd_tx_packet)->et_dest,
> --
> 2.37.2
> 
> 
Reviewed-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>

Tom Rini Dec. 23, 2022, 3:01 p.m. UTC | #3

On Wed, Dec 07, 2022 at 11:53:29AM +0100, Heinrich Schuchardt wrote:

> In ndisc_receive() 7 bytes are copied from a buffer of size 6 to NULL.
> 
> net_nd_packet_mac is a pointer. If it is NULL, we should set it to the
> address of the buffer with the MAC address.
> 
> Addresses-Coverity-ID: 430974 ("Out-of-bounds access")
> Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol (NDP)")
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
> Reviewed-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>

Applied to u-boot/master, thanks!

diff --git a/net/ndisc.c b/net/ndisc.c
index 3c0eeeaea3..367dae7676 100644
--- a/net/ndisc.c
+++ b/net/ndisc.c
@@ -265,7 +265,7 @@  int ndisc_receive(struct ethernet_hdr *et, struct ip6_hdr *ip6, int len)
 
 			/* save address for later use */
 			if (!net_nd_packet_mac)
-				memcpy(net_nd_packet_mac, neigh_eth_addr, 7);
+				net_nd_packet_mac = neigh_eth_addr;
 
 			/* modify header, and transmit it */
 			memcpy(((struct ethernet_hdr *)net_nd_tx_packet)->et_dest,

[1/1] net: don't memcpy to NULL

Commit Message

Comments

Patch