Subject: Re: CVS commit: src/lib/libpcap
To: None <source-changes@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: source-changes
Date: 03/20/2006 17:56:29
In article <20060320154314.830FB2DA27@cvs.netbsd.org>,
Matthias Drochner <drochner@netbsd.org> wrote:
>
>Module Name: src
>Committed By: drochner
>Date: Mon Mar 20 15:43:14 UTC 2006
>
>Modified Files:
> src/lib/libpcap: gencode.c
>
>Log Message:
>revert wrong fix to a non-existent problem
>
>Don't believe Coverity blindly!
>
Which part don't you believe:
    struct in6_addr mask;
    if (sizeof(mask) * 8 < masklen)
        bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
    memset(&mask, 0, sizeof(mask));
    memset(&mask, 0xff, masklen / 8);
    if (masklen % 8) {
        mask.s6_addr[masklen / 8] =
            (0xff << (8 - masklen % 8)) & 0xff;
    }
-----
sizeof(mask) == 16
/* assume the maximum possible masklen without calling bpf_error */
masklen == 128 = (16 * 8)
mask.s6_addr[masklen / 8] = mask.s6_addr[16] = oops, since in6_addr:
    struct in6_addr {
        union {
            __uint8_t __u6_addr8[16];
            __uint16_t __u6_addr16[8];
            uint32_t __u6_addr32[4];
        } __u6_addr; /* 128-bit IP6 address */
    };
    #define s6_addr __u6_addr.__u6_addr8
-----
Perhaps the proper fix is:
    if (masklen < sizeof(mask) * 8)
        bpf_error("mask length must be < %u", (unsigned int)(sizeof(mask) * 8));
christos
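
An added example, not part of the original message or of libpcap: the mask construction quoted above, instrumented to report which byte index the partial-byte store touches for a given prefix length. The names build_mask and max_partial_index, the return codes, and the plain byte buffer with a guard byte in place of struct in6_addr are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MASK_BYTES 16	/* sizeof(struct in6_addr) */

/*
 * Hypothetical helper: same steps as the quoted code, run in a buffer
 * with one guard byte so a store at index 16 would stay in bounds here.
 * Returns the index written by the partial-byte branch, -1 if that
 * branch is not taken, -2 where the original would call bpf_error().
 */
int build_mask(unsigned int masklen, unsigned char out[MASK_BYTES])
{
	unsigned char buf[MASK_BYTES + 1];
	int idx = -1;

	if (MASK_BYTES * 8 < masklen)
		return -2;
	memset(buf, 0, sizeof(buf));
	memset(buf, 0xff, masklen / 8);
	if (masklen % 8) {
		idx = (int)(masklen / 8);
		buf[idx] = (0xff << (8 - masklen % 8)) & 0xff;
	}
	memcpy(out, buf, MASK_BYTES);
	return idx;
}

/* Highest index the partial-byte branch writes over all accepted lengths. */
int max_partial_index(void)
{
	unsigned char m[MASK_BYTES];
	int max = -1;

	for (unsigned int len = 0; len <= MASK_BYTES * 8 + 8; len++) {
		int idx = build_mask(len, m);
		if (idx > max)
			max = idx;
	}
	return max;
}

int main(void)
{
	unsigned char m[MASK_BYTES];
	int idx = build_mask(127, m);

	printf("masklen 127: index %d, byte 0x%02x\n", idx, m[15]);
	printf("masklen 128: index %d\n", build_mask(128, m));
	printf("max partial index: %d\n", max_partial_index());
	return 0;
}
```

The partial-byte store runs only when masklen % 8 is nonzero, so the lengths to check are the ones just below each byte boundary as well as the maximum accepted value.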