CMP_INT evaluates its arguments more than once, and thus passing a
post-incremented pointer as an argument causes double increments and
hence buffer overruns. This can be observed by erratic behavior of IPv6
address ranges. Fix by moving the increment to the loop header.

Signed-off-by: Petr Machata <pe...@mellanox.com>
---
 staging/tools.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/staging/tools.c b/staging/tools.c
index 9d2d1be..72445b6 100644
--- a/staging/tools.c
+++ b/staging/tools.c
@@ -233,8 +233,8 @@ int in6_addr_cmp(struct libnet_in6_addr addr1,
               *p2 = addr2.__u6_addr.__u6_addr32;
        int i, val = 0;
 
-       for (i = 0; i < 4; i++) {
-               val = CMP_INT(ntohl(*p1++), ntohl(*p2++));
+       for (i = 0; i < 4; i++, p1++, p2++) {
+               val = CMP_INT(ntohl(*p1), ntohl(*p2));
                if (val) {
                        break;
                }
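Review bot: The new CMP_INT(ntohl(*p1), ntohl(*p2)) call is free of side effects, but the macro itself still evaluates its arguments more than once, as the commit message states, so any other caller that passes an expression like *p++ will hit the same double increment and out-of-bounds read. Consider converting CMP_INT to a static inline function so each argument is evaluated exactly once, or at minimum add a comment at its definition saying arguments must not have side effects, and check the remaining callers. The multiple evaluation also means ntohl() runs more than once per operand on each iteration; reading both words into local variables before the comparison would avoid that and keep the loop body independent of how the macro expands.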
-- 
2.4.11
