The PortAddress structure has no space for the actual address and should
be used only as a pointer to a larger buffer.

The issue was reported by gcc with source fortification enabled.

Signed-off-by: Miroslav Lichvar <mlich...@redhat.com>
---
 port.c | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/port.c b/port.c
index cee6445..872c7be 100644
--- a/port.c
+++ b/port.c
@@ -403,32 +403,34 @@ static int net_sync_resp_append(struct port *p, struct 
ptp_message *m)
        struct port *best = clock_best_port(p->clock);
        struct nsm_resp_tlv_head *head;
        struct Timestamp last_sync;
-       struct PortAddress paddr;
+       struct PortAddress *paddr;
        struct ptp_message *tmp;
        struct tlv_extra *extra;
        unsigned char *ptr;
+       char buf[sizeof(*paddr) + 16];
        int tlv_len;
 
        last_sync = tmv_to_Timestamp(clock_ingress_time(p->clock));
        pid = dad->pds.parentPortIdentity.clockIdentity;
+       paddr = (struct PortAddress *)buf;
 
        if (best && memcmp(&cid, &pid, sizeof(cid))) {
                /* Extract the parent's protocol address. */
-               paddr.networkProtocol = transport_type(best->trp);
-               paddr.addressLength =
-                       transport_protocol_addr(best->trp, paddr.address);
+               paddr->networkProtocol = transport_type(best->trp);
+               paddr->addressLength =
+                       transport_protocol_addr(best->trp, paddr->address);
                if (best->best) {
                        tmp = TAILQ_FIRST(&best->best->messages);
-                       extract_address(tmp, &paddr);
+                       extract_address(tmp, paddr);
                }
        } else {
                /* We are our own parent. */
-               paddr.networkProtocol = transport_type(p->trp);
-               paddr.addressLength =
-                       transport_protocol_addr(p->trp, paddr.address);
+               paddr->networkProtocol = transport_type(p->trp);
+               paddr->addressLength =
+                       transport_protocol_addr(p->trp, paddr->address);
        }
 
-       tlv_len = sizeof(*head) + sizeof(*extra->foot) + paddr.addressLength;
+       tlv_len = sizeof(*head) + sizeof(*extra->foot) + paddr->addressLength;
 
        extra = msg_tlv_append(m, tlv_len);
        if (!extra) {
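Review bot: The `+ 16` in `char buf[sizeof(*paddr) + 16];` is the only bound on the address bytes and nothing visible enforces it: `transport_protocol_addr()` and `extract_address()` receive `paddr->address` / `paddr` with no capacity argument, and the resulting `paddr->addressLength` then sizes `tlv_len` here and the `memcpy()` out of `paddr->address` in the second hunk. Because `extract_address()` fills the buffer from a queued message (`TAILQ_FIRST(&best->best->messages)`), which presumably came off the wire, I would reject an oversized length before it is used, e.g. `if (paddr->addressLength > sizeof(buf) - sizeof(*paddr)) return -1;` ahead of the `tlv_len` computation (assuming -1 is this function's error return; the function starts before and continues past both hunks). That check only bounds the later read and the TLV size; bounding the writes themselves needs the callees to take the buffer size, unless they already cap at 16 bytes, which cannot be seen from here. The declaration should also carry a comment saying which address type the 16 bytes are sized for, and if `struct PortAddress` is not declared packed, the `char` array needs an explicit alignment for the cast `paddr = (struct PortAddress *)buf;` to be safe.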
@@ -439,12 +441,12 @@ static int net_sync_resp_append(struct port *p, struct 
ptp_message *m)
        head->type = TLV_PTPMON_RESP;
        head->length = tlv_len - sizeof(head->type) - sizeof(head->length);
        head->port_state = p->state == PS_GRAND_MASTER ? PS_MASTER : p->state;
-       head->parent_addr.networkProtocol = paddr.networkProtocol;
-       head->parent_addr.addressLength = paddr.addressLength;
-       memcpy(head->parent_addr.address, paddr.address, paddr.addressLength);
+       head->parent_addr.networkProtocol = paddr->networkProtocol;
+       head->parent_addr.addressLength = paddr->addressLength;
+       memcpy(head->parent_addr.address, paddr->address, paddr->addressLength);
 
        ptr = (unsigned char *) head;
-       ptr += sizeof(*head) + paddr.addressLength;
+       ptr += sizeof(*head) + paddr->addressLength;
        extra->foot = (struct nsm_resp_tlv_foot *) ptr;
 
        memcpy(&extra->foot->parent, &dad->pds, sizeof(extra->foot->parent));
-- 
2.14.3

