Date:      Mon, 14 Apr 2008 10:33:35 +0200
From:      Marc Lörner <marc.loerner@hob.de>
To:        freebsd-net@freebsd.org
Subject:   problem in if_tap.c
Message-ID:  <200804141033.35918.marc.loerner@hob.de>

Hello,
I found the following problem in the if_tap-device code in function tapcreate
when used on 64-bit systems:

       TAPDEBUG("tapcreate(%s%d). minor = %#x\n", name, unit, minor(dev));

        /* generate fake MAC address: 00 bd xx xx xx unit_no */
        macaddr_hi = htons(0x00bd);
        bcopy(&macaddr_hi, eaddr, sizeof(short));

---->
        bcopy(&ticks, &eaddr[2], sizeof(long));
        eaddr[5] = (u_char)unit;

        /* fill the rest and attach interface */

sizeof(long) is not always 4 on any system (e.g. on ia64 it's 8)
=> bytes are copied from undefined memory into undefined memory

Regards,
Marc

P.S.: On replies please cc me because I'm not on the list.
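
The size arithmetic behind the report, with a width-independent way to fill the address, as an added example that is not part of the original message or the FreeBSD source. It assumes eaddr is a 6-byte Ethernet address and ticks is a 4-byte int; the function names are hypothetical, and the shifts fix the byte order of the tick bytes, unlike the host-order bcopy in the snippet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHER_ADDR_LEN 6	/* assumed size of eaddr in the quoted snippet */

/* Bytes written past the end of eaddr when copy_len bytes go to &eaddr[2]. */
size_t tap_copy_overrun(size_t copy_len)
{
	size_t room = ETHER_ADDR_LEN - 2;	/* eaddr[2]..eaddr[5] */

	return (copy_len > room ? copy_len - room : 0);
}

/* Bytes read past the end of a source object of src_size bytes. */
size_t tap_copy_overread(size_t src_size, size_t copy_len)
{
	return (copy_len > src_size ? copy_len - src_size : 0);
}

/*
 * Build "00 bd xx xx xx unit_no" without depending on sizeof(long):
 * exactly three bytes are taken from a fixed-width copy of the tick count.
 */
void tap_fake_mac(uint8_t eaddr[ETHER_ADDR_LEN], int ticks_val, int unit)
{
	uint32_t t = (uint32_t)ticks_val;

	eaddr[0] = 0x00;
	eaddr[1] = 0xbd;
	eaddr[2] = (uint8_t)(t >> 16);
	eaddr[3] = (uint8_t)(t >> 8);
	eaddr[4] = (uint8_t)t;
	eaddr[5] = (uint8_t)unit;
}

int main(void)
{
	uint8_t mac[ETHER_ADDR_LEN];

	/* Constructed sample values for the tick count and unit number. */
	tap_fake_mac(mac, 0x00a1b2c3, 7);
	printf("sizeof(long)=%zu overrun=%zu overread=%zu\n", sizeof(long),
	    tap_copy_overrun(sizeof(long)),
	    tap_copy_overread(sizeof(int), sizeof(long)));
	printf("%02x:%02x:%02x:%02x:%02x:%02x\n",
	    mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
	return (0);
}
```

With a 4-byte long the copy fills eaddr[2] through eaddr[5] exactly; with an 8-byte long it writes 4 bytes beyond the array and reads 4 bytes beyond the 4-byte source.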


