On Fri, Jul 30, 2021 at 08:14:52PM +0200, Fabio M. De Francesco wrote:
> static inline void __nat25_generate_ipx_network_addr_with_socket(unsigned char *networkAddr,
> - unsigned int *ipxNetAddr, unsigned short *ipxSocketAddr)
> + __be32 *ipxNetAddr, __be16 *ipxSocketAddr)
> {
> + union {
> + unsigned int f0;
> + unsigned char f1[4];
> + } addr;
> +
> memset(networkAddr, 0, MAX_NETWORK_ADDR_LEN);
>
> networkAddr[0] = NAT25_IPX;
> - memcpy(networkAddr+1, (unsigned char *)ipxNetAddr, 4);
> - memcpy(networkAddr+5, (unsigned char *)ipxSocketAddr, 2);
> + addr.f0 = be32_to_cpu(*ipxNetAddr);
> + memcpy(networkAddr+1, addr.f1, 4);
> + addr.f0 ^= addr.f0;
> + addr.f0 = be16_to_cpu(*ipxSocketAddr);
> + memcpy(networkAddr+5, addr.f1, 2);
Here is another bug which was obscured/caused by the union.
addr.f0 = be16_to_cpu(*ipxSocketAddr);
The addr.f0 variable is an int. On big endian systems only the last two
bytes are set:
memcpy(networkAddr+5, addr.f1, 2);
So this is the equivalent of:
memset(networkAddr+5, 0, 2);
regards,
dan carpenter
