Closed Exactlywb closed 2 years ago
@pali Seems like an area you have submitted patches in. What do you think?
There is a check CHECK_ROOM(cursor, packet.payload, plen); prior to using svc->type. So it looks like it is safe.
Yes, you are right: in this way there's (probably) no way to write more than 1506 bytes into PPPoETag so it looks safe. Thank you for the quick response.
Anyway, I agree that the code could be written better to avoid all that casting and to avoid those warnings. But the whole ppp project is old, based on an old codebase, which means it needs a lot of improvements. Anybody is welcome to contribute such fixups / changes.
Hi! I've built ppp using -O2 -Werror=array-bounds and got an error:

Let's see truncated code:

As I understand, sizeof (PPPoETag) = 1512, but sizeof (packet.payload) = 1508. It looks like a wrong type cast. Moreover, I want to point out that such type casts may provoke a strict aliasing rule violation.
I hope my report will be useful for you.
Thanks
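One way to write and read PPPoE tags without overlaying a struct on the payload buffer, shown as an added example that is not code from the ppp project. The names put_tag, get_tag, demo, PAYLOAD_MAX and TAG_HDR_SIZE are hypothetical; 1508 is the payload size reported in this thread, and the 4-byte tag header layout follows RFC 2516.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PAYLOAD_MAX  1508  /* sizeof(packet.payload) as reported in the thread */
#define TAG_HDR_SIZE 4     /* 16-bit type + 16-bit length, network byte order */

/* Append one tag at *off. The room check happens before any byte is written. */
int put_tag(uint8_t *buf, size_t cap, size_t *off,
            uint16_t type, const void *val, uint16_t len)
{
    if (*off > cap || cap - *off < (size_t)TAG_HDR_SIZE + len)
        return -1;
    uint8_t hdr[TAG_HDR_SIZE] = { (uint8_t)(type >> 8), (uint8_t)type,
                                  (uint8_t)(len >> 8), (uint8_t)len };
    memcpy(buf + *off, hdr, sizeof hdr);   /* byte copies: no cast, no aliasing */
    if (len)
        memcpy(buf + *off + TAG_HDR_SIZE, val, len);
    *off += (size_t)TAG_HDR_SIZE + len;
    return 0;
}

/* Read the tag at *off from the first `used` bytes; -1 if it is truncated. */
int get_tag(const uint8_t *buf, size_t used, size_t *off,
            uint16_t *type, const uint8_t **val, uint16_t *len)
{
    if (*off > used || used - *off < TAG_HDR_SIZE)
        return -1;
    const uint8_t *p = buf + *off;
    uint16_t l = (uint16_t)((p[2] << 8) | p[3]);
    if (used - *off - TAG_HDR_SIZE < l)    /* declared length must fit */
        return -1;
    *type = (uint16_t)((p[0] << 8) | p[1]);
    *len = l;
    *val = p + TAG_HDR_SIZE;
    *off += (size_t)TAG_HDR_SIZE + l;
    return 0;
}

/* Constructed sample: a Service-Name tag (0x0101) round-trips, an oversized tag is refused. */
int demo(void)
{
    uint8_t payload[PAYLOAD_MAX];
    static const uint8_t big[PAYLOAD_MAX]; /* 1508 + 4 header bytes cannot fit */
    size_t used = 0, rd = 0;
    uint16_t type, len; const uint8_t *val;
    if (put_tag(payload, sizeof payload, &used, 0x0101, "isp", 3) != 0) return 1;
    if (put_tag(payload, sizeof payload, &used, 0x0101, big, sizeof big) != -1) return 2;
    if (used != 7 || get_tag(payload, used, &rd, &type, &val, &len) != 0) return 3;
    if (type != 0x0101 || len != 3 || memcmp(val, "isp", 3) != 0) return 4;
    return get_tag(payload, used, &rd, &type, &val, &len) == -1 ? 0 : 5;
}
```

Because the buffer is only ever accessed as bytes, the compiler sees no object larger than the 1508-byte array, which is the situation -Warray-bounds complained about in the report.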