mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-12-25 06:23:53 +01:00

gnrc_sixlowpan_iphc: fix Out-of-bounds read

Coverity scan found this:

> CID 298279 (#1 of 1): Out-of-bounds read (OVERRUN)
> 21. overrun-local: Overrunning array of 16 bytes at byte offset 64 by dereferencing pointer

The original intention was probably to advance the destination pointer by 4 bytes, not
4 * the destination type size.
Benjamin Valentin 2020-08-11 13:31:22 +02:00
parent b65c6abad5
commit a9a0671232


@ -417,7 +417,7 @@ static size_t _iphc_ipv6_decode(const uint8_t *iphc_hdr,
ipv6_hdr->dst.u8[1] = iphc_hdr[payload_offset++];
ipv6_hdr->dst.u8[2] = iphc_hdr[payload_offset++];
ipv6_hdr->dst.u8[3] = ctx->prefix_len;
ipv6_addr_init_prefix((ipv6_addr_t *)ipv6_hdr->dst.u8 + 4,
ipv6_addr_init_prefix((ipv6_addr_t *)(ipv6_hdr->dst.u8 + 4),
&ctx->prefix, ctx->prefix_len);
memcpy(ipv6_hdr->dst.u8 + 12, iphc_hdr + payload_offset + 2, 4);
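Review bot: the corrected call `ipv6_addr_init_prefix((ipv6_addr_t *)(ipv6_hdr->dst.u8 + 4), &ctx->prefix, ctx->prefix_len)` still passes a pointer typed as a full 16-byte `ipv6_addr_t` that starts 4 bytes into the 16-byte `dst` array, so only 12 bytes behind it belong to `dst`. Nothing in these lines bounds `ctx->prefix_len`, so a context prefix longer than 96 bits could still write past the end of `dst`, and anything beyond 64 bits lands in the bytes that the following `memcpy` to `dst.u8 + 12` then overwrites. Consider clamping the length passed here (for example to 64 bits, if bytes 4 to 11 are the intended prefix field) and adding a short comment that the byte offset is applied before the cast on purpose, since the cast binding tighter than `+` is what produced the 64-byte offset Coverity reported.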