#1243 closed defect (fixed)

invalid dereference in pppd/auth.c

Reported by: Ralf Corsepius Owned by: Ralf Corsepius
Priority: normal Milestone: 4.7
Component: network/legacy Version: 4.7
Severity: major Keywords:
Cc: Blocked By:
Blocking:

Description

I am not sure, but I suspect the patch against cpukit/pppd/pppd.c below to
reveal an invalid de-reference in current code:

diff -u -r1.8 auth.c
--- pppd/auth.c 27 Mar 2007 15:47:35 -0000 1.8
+++ pppd/auth.c 8 May 2007 16:02:42 -0000
@@ -968,7 +968,7 @@

} else {

np = getnetbyname (ptr_word);
if (np != NULL && np->n_addrtype == AF_INET) {

  • a = htonl (*(u_int32_t *)np->n_net);

+ a = htonl (np->n_net);

if (ptr_mask == NULL) {

/* calculate appropriate mask for net */
ah = ntohl(a);

np is of type "struct netent" with n_net being defined in SUSv3 as follows:

uint32_t n_net The network number, in host byte order.

IMO, the conclusion must be: This dereference is wrong and should be removed (i.e. the patch above be applied).

Change History (7)

comment:1 Changed on May 8, 2007 at 3:35:00 PM by Ralf Corsepius

Milestone: 4.84.7

comment:2 Changed on May 8, 2007 at 3:37:33 PM by Ralf Corsepius

Summary: invalid dereference in pppd/pppd.cinvalid dereference in pppd/auth.c

comment:3 Changed on May 9, 2007 at 11:17:54 AM by Ralf Corsepius

Status: newassigned

comment:4 Changed on May 9, 2007 at 11:18:17 AM by Ralf Corsepius

Owner: changed from Joel Sherrill to Ralf Corsepius
Status: assignednew

comment:5 Changed on May 9, 2007 at 11:18:45 AM by Ralf Corsepius

Resolution: fixed
Status: newclosed

comment:6 Changed on May 9, 2007 at 11:59:41 AM by Ralf Corsepius

Patch also applied on rtems-4-6-branch.

comment:7 Changed on Oct 10, 2017 at 6:44:19 AM by Sebastian Huber

Component: pppdnetwork/legacy
Note: See TracTickets for help on using tickets.