* Snoopy(8) patch
@ 2019-06-06 15:21 Alex Musolino
2019-06-06 18:08 ` [9front] " Ori Bernstein
0 siblings, 1 reply; 2+ messages in thread
From: Alex Musolino @ 2019-06-06 15:21 UTC (permalink / raw)
To: 9front
Hello,
I've made some changes [1] to snoopy(8) in order to help with some
work I'm doing on dhcpd(8) to support the static route options.
Any objections to committing/pushing these?
[1] http://musolino.id.au/up/2019/06/05/snoopy.dhcp.patch
--
Cheers,
Alex Musolino
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [9front] Snoopy(8) patch
2019-06-06 15:21 Snoopy(8) patch Alex Musolino
@ 2019-06-06 18:08 ` Ori Bernstein
0 siblings, 0 replies; 2+ messages in thread
From: Ori Bernstein @ 2019-06-06 18:08 UTC (permalink / raw)
To: 9front; +Cc: Alex Musolino
On Fri, 7 Jun 2019 00:51:52 +0930
Alex Musolino <alex@musolino.id.au> wrote:
> Hello,
>
> I've made some changes [1] to snoopy(8) in order to help with some
> work I'm doing on dhcpd(8) to support the static route options.
>
> Any objections to committing/pushing these?
>
> [1] http://musolino.id.au/up/2019/06/05/snoopy.dhcp.patch
>
> --
> Cheers,
> Alex Musolino
>
If you inline the patch in the mail, it's easier for me to comment on it.
It mostly looks good to me, just noticed one thing:
> + uchar addr[4];
> ...
> + nbits = *o++;
Nbits is a uchar, so if we get a junk message, the maximum value here is 255.
> + n--;
> + nocts = (nbits+7)/8;
(255 + 7)/8 == 32
> + memset(addr, 0, 4);
> + if(n < nocts+4)
> + break;
> + memmove(addr, o, nocts);
And because addr is only 4 bytes, we overwrite random memory.
I think a check on nocts here is neeeded.
--
Ori Bernstein <ori@eigenstate.org>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-06-06 18:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-06 15:21 Snoopy(8) patch Alex Musolino
2019-06-06 18:08 ` [9front] " Ori Bernstein
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).