BIND 10 #2749: kill io_utilities.h or make it safe
BIND 10 Development
do-not-reply at isc.org
Mon Jan 27 16:06:28 UTC 2014
#2749: kill io_utilities.h or make it safe
-------------------------------------+-------------------------------------
Reporter: jinmei | Owner: muks
Type: defect | Status:
Priority: medium | reviewing
Component: Unclassified | Milestone:
Keywords: | Sprint-20131015
Sensitive: 0 | Resolution:
Sub-Project: Core | CVSS Scoring:
Estimated Difficulty: 3 | Defect Severity: N/A
Total Hours: 0 | Feature Depending on Ticket:
| Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
Changes (by stephen):
* owner: stephen => muks
Comment:
Reviewed commit 1685d98e142c2b5915d19bf17f4029459a922321
'''src/bin/dhcp6/dhcp6_srv.cc'''[[BR]]
generateServerID(): changes are OK, but when reviewing the code it
occurred to me that if the "iface->getMacLen()" call returns zero, the
target address of the memcpy() is invalid. Admittedly the memcpy() should
not copy anything because the length will be zero, but a !StackOverflow
answer [http://stackoverflow.com/questions/5243012/is-it-guaranteed-to-be-
safe-to perform-memcpy0-0-0 here] quotes the C standard indicating that
arguments to memcpy() must always be valid, even if the size argument is
zero.
However, looking at the code in detail reveals that earlier in the
function the MAC length is checked against MIN_MAC_LEN. (Also,
isRangeZero() is called which returns "true" if the MAC comprises entirely
of zeroes or if the length it zero.) I've changed the comment from "at
least 8 bytes" to "more than 8 bytes".
If you're happy with this change, please merge.
--
Ticket URL: <http://bind10.isc.org/ticket/2749#comment:16>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list