From 0d6d5a4aa6e04bedf87793de337c05a022268041 Mon Sep 17 00:00:00 2001 From: Viacheslav Mitrofanov Date: Tue, 6 Dec 2022 10:08:16 +0300 Subject: net: ipv6: Add missing break into IPv6 protocol handler IPv6 protocol handler is not terminated with a break statment. It can lead to running unexpected code. Signed-off-by: Viacheslav Mitrofanov Reviewed-by: Daniel Schwierzeck --- net/net.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net') diff --git a/net/net.c b/net/net.c index 1c39acc4936..57da9bda85a 100644 --- a/net/net.c +++ b/net/net.c @@ -1269,6 +1269,7 @@ void net_process_received_packet(uchar *in_packet, int len) #if IS_ENABLED(CONFIG_IPV6) case PROT_IP6: net_ip6_handler(et, (struct ip6_hdr *)ip, len); + break; #endif case PROT_IP: debug_cond(DEBUG_NET_PKT, "Got IP\n"); -- cgit v1.3.1 From 56e3b1470333eb9294a5ae5f58515377aa546aae Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 7 Dec 2022 11:53:29 +0100 Subject: net: don't memcpy to NULL In ndisc_receive() 7 bytes are copied from a buffer of size 6 to NULL. net_nd_packet_mac is a pointer. If it is NULL, we should set it to the address of the buffer with the MAC address. Addresses-Coverity-ID: 430974 ("Out-of-bounds access") Fixes: c6610e1d90ea ("net: ipv6: Add Neighbor Discovery Protocol (NDP)") Signed-off-by: Heinrich Schuchardt Reviewed-by: Bin Meng Reviewed-by: Viacheslav Mitrofanov --- net/ndisc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/ndisc.c b/net/ndisc.c index 3c0eeeaea39..367dae76766 100644 --- a/net/ndisc.c +++ b/net/ndisc.c @@ -265,7 +265,7 @@ int ndisc_receive(struct ethernet_hdr *et, struct ip6_hdr *ip6, int len) /* save address for later use */ if (!net_nd_packet_mac) - memcpy(net_nd_packet_mac, neigh_eth_addr, 7); + net_nd_packet_mac = neigh_eth_addr; /* modify header, and transmit it */ memcpy(((struct ethernet_hdr *)net_nd_tx_packet)->et_dest, -- cgit v1.3.1