Bug 173002
| Summary: | [net] data type size problem in if_spppsubr.c | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Base System | Reporter: | Jens Wiatrowski <wiatro> | ||||||
| Component: | kern | Assignee: | freebsd-net (Nobody) <net> | ||||||
| Status: | Open --- | ||||||||
| Severity: | Affects Only Me | CC: | Alexander88207, avos, zlei | ||||||
| Priority: | Normal | ||||||||
| Version: | Unspecified | ||||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| URL: | https://reviews.freebsd.org/D47335 | ||||||||
| Attachments: |
|
||||||||
|
Description
Jens Wiatrowski
2012-10-23 20:10:00 UTC
---------- Forwarded message ---------- From: Jens Wiatrowski <wiatro@gmx.net> Date: 23 October 2012 16:40 Subject: Re: Re: kern/173002: data type size problem in if_spppsubr.c To: Eitan Adler <lists@eitanadler.com> Hello Eitan, > >please send the output of "diff -u" (unified diff) - this makes it >more likely someone will look at the patch > Attached. Regards Jens -- Eitan Adler Responsible Changed From-To: freebsd-bugs->freebsd-net Over to maintainer(s). For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped I have no clue which type is right here; return PR to the net@ Actually user space `struct spppreq spr` is not explicitly zeroed [1], so `fuword() / fueword()` can read garbage into kernel space. I guess /sbin/spppcontrol will get error EINVAL occasionally on a 64bit platforms. As this is an old report, not sure if the reporter Jens can confirm this. 1. https://cgit.freebsd.org/src/tree/sbin/spppcontrol/spppcontrol.c?h=stable/13#n63 (In reply to Zhenlei Huang from comment #5) Proposed fix https://reviews.freebsd.org/D47335 . |
