On Mon, Jul 31, 2017 at 12:30 AM, Arnd Bergmann <arnd@xxxxxxxx> wrote: > On Mon, Jul 31, 2017 at 9:08 AM, Moni Shoua <monis@xxxxxxxxxxxx> wrote: >> On Mon, Jul 31, 2017 at 9:50 AM, Arnd Bergmann <arnd@xxxxxxxx> wrote: >>> --- a/include/rdma/ib_addr.h >>> +++ b/include/rdma/ib_addr.h >>> @@ -172,7 +172,8 @@ static inline int rdma_ip2gid(struct sockaddr *addr, union ib_gid *gid) >>> (struct in6_addr *)gid); >>> break; >>> case AF_INET6: >>> - memcpy(gid->raw, &((struct sockaddr_in6 *)addr)->sin6_addr, 16); >>> + *(struct in6_addr *)&gid->raw = >>> + ((struct sockaddr_in6 *)addr)->sin6_addr; This seems reasonable. >>> break; >>> default: >>> return -EINVAL; >> what happens if you replace 16 with sizeof(struct in6_addr)? > > Same thing: the problem is that gcc already knows the size of the structure we > pass in here, and it is in fact shorter. So gcc is ignoring both the cast (to 16 byte struct in6_addr) and the caller's actual 128 byte struct sockaddr_storage, and looking only at struct sockaddr? That seems really weird. -Kees -- Kees Cook Pixel Security -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
