[PATCH 1/1] net: don't memcpy to NULL

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Wed Dec 7 11:53:29 CET 2022


In ndisc_receive() 7 bytes are copied from a buffer of size 6 to NULL.

net_nd_packet_mac is a pointer. If it is NULL, we should set it to the
address of the buffer with the MAC address.

Addresses-Coverity-ID: 430974 ("Out-of-bounds access")
Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol (NDP)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
 net/ndisc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ndisc.c b/net/ndisc.c
index 3c0eeeaea3..367dae7676 100644
--- a/net/ndisc.c
+++ b/net/ndisc.c
@@ -265,7 +265,7 @@ int ndisc_receive(struct ethernet_hdr *et, struct ip6_hdr *ip6, int len)
 
 			/* save address for later use */
 			if (!net_nd_packet_mac)
-				memcpy(net_nd_packet_mac, neigh_eth_addr, 7);
+				net_nd_packet_mac = neigh_eth_addr;
 
 			/* modify header, and transmit it */
 			memcpy(((struct ethernet_hdr *)net_nd_tx_packet)->et_dest,
-- 
2.37.2



More information about the U-Boot mailing list