git.ipfire.org Git - thirdparty/systemd.git/commit

test-dhcp6-client: Fix option length

The whole DHCPv6 test message length was incorrectly used as the length
of DHCPv6 options causing the following bad memory access:

$ build/test-dhcp6-client
Assertion 'interface_index >= -1' failed at ../src/libsystemd-network/sd-dhcp6-client.c:129, function sd_dhcp6_client_set_index(). Ignoring.
=================================================================
==29135==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fe204aa9148 at pc 0x7fe204a5958f bp 0x7fff3e47d470 sp 0x7fff3e47d460
READ of size 1 at 0x7fe204aa9148 thread T0
    #0 0x7fe204a5958e in option_parse_hdr ../src/libsystemd-network/dhcp6-option.c:145
    #1 0x7fe204a59884 in dhcp6_option_parse ../src/libsystemd-network/dhcp6-option.c:165
    #2 0x7fe204a4eb9c in test_advertise_option ../src/libsystemd-network/test-dhcp6-client.c:227
    #3 0x7fe204a51c58 in main ../src/libsystemd-network/test-dhcp6-client.c:584
    #4 0x7fe2031590df in __libc_start_main (/lib64/libc.so.6+0x200df)
    #5 0x7fe204a4cc5b (/home/test/systemd/build/test-dhcp6-client+0x25c5b)

0x7fe204aa9148 is located 2 bytes to the right of global variable 'msg_advertise' from '../src/libsystemd-network/test-dhcp6-client.c' (0x7fe204aa9080) of size 198
0x7fe204aa9148 is located 56 bytes to the left of global variable 'msg_reply' from '../src/libsystemd-network/test-dhcp6-client.c' (0x7fe204aa9180) of size 173
SUMMARY: AddressSanitizer: global-buffer-overflow ../src/libsystemd-network/dhcp6-option.c:145 option_parse_hdr

author	Patrik Flykt <patrik.flykt@linux.intel.com>
	Fri, 29 Aug 2014 06:20:46 +0000 (09:20 +0300)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Sat, 30 Aug 2014 22:35:43 +0000 (18:35 -0400)
commit	d182960ae974a0074010a058d0d909846a2f3f79
tree	e239127845baaf544969cbdbdd8c266977e4f288	tree \| snapshot
parent	a13ee4c792cb5738c3dd13b2a4bb1a828e7994fd	commit \| diff