Hi,
On Sat, 10 Jan 2015 23:33:25 +0100
Alexander Aring <alex.aring@xxxxxxxxx> wrote:
> The structure "ieee802154_addr_sa" need to fit into the u8 sa_data[14]
> from struct sockaddr, because there is a casting of "struct sockaddr"
> and "struct ieee802154_sockaddr".
>
> I tested a compiling with a 32 bit system and detected that the
> "struct ieee802154_sockaddr", which contains the ieee802154_addr_sa
> structure, has a size of 20 bytes. The "struct sockaddr" has a size
> of 16 bytes. This doesn't fit together and some buffers are
> overflows. This patch changes the "addr_type" type definition from
> "int" to "u8". After this change it will be fits together.
Do look at how Unix domain sockets handle the problem. Also, IPv6
addresses exceed sizeof(struct sockaddr) quite significantly. Casting
pointers isn't a problem, only if we *ever* store our addrs to a struct
sockaddr will we have a problem.
Perhaps I am missing something, but from what I can tell, i think the
code is safe at least in that regard.
> Signed-off-by: Alexander Aring <alex.aring@xxxxxxxxx>
> ---
> include/net/af_ieee802154.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/net/af_ieee802154.h b/include/net/af_ieee802154.h
> index 7d38e2f..3652269 100644
> --- a/include/net/af_ieee802154.h
> +++ b/include/net/af_ieee802154.h
> @@ -33,7 +33,7 @@ enum {
> #define IEEE802154_ADDR_LEN 8
>
> struct ieee802154_addr_sa {
> - int addr_type;
> + u8 addr_type;
> u16 pan_id;
> union {
> u8 hwaddr[IEEE802154_ADDR_LEN];
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
