[PATCH] fix writing to unintended memory in eth16i_probe_port(); drivers/net/eth16i.c

14 is added as an offset to the array dummy_packet (64 unsigned chars) to
serve as a destination address in a call to memset(). However, when added, 
it is automatically scaled by the size of dummy_packet, which is 64. This
results in writing to unintended memory.

Signed-off-by: Roel Kluin <[email protected]>
---
diff --git a/drivers/net/eth16i.c b/drivers/net/eth16i.c
index e3dd8b1..1ae0b3e 100644
--- a/drivers/net/eth16i.c
+++ b/drivers/net/eth16i.c
@@ -680,7 +680,7 @@ static int eth16i_probe_port(int ioaddr)
 
 	dummy_packet[12] = 0x00;
 	dummy_packet[13] = 0x04;
-	memset(dummy_packet + 14, 0, sizeof(dummy_packet) - 14);
+	memset((char *)dummy_packet + 14, 0, sizeof(dummy_packet) - 14);
 
 	eth16i_select_regbank(2, ioaddr);
 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH] fix writing to unintended memory in eth16i_probe_port(); drivers/net/eth16i.c
  - From: Al Viro <[email protected]>

Prev by Date: Re: virtio config_ops refactoring
Next by Date: Re: include files for kvmclock
Previous by thread: [PATCH] fix writing to unintended memory in pkt_generic_packet(); drivers/block/pktcdvd.c
Next by thread: Re: [PATCH] fix writing to unintended memory in eth16i_probe_port(); drivers/net/eth16i.c
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]