From owner-freebsd-net@FreeBSD.ORG Mon Apr 14 17:10:39 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9E7731065678 for ; Mon, 14 Apr 2008 17:10:39 +0000 (UTC) (envelope-from maksim.yevmenkin@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152]) by mx1.freebsd.org (Postfix) with ESMTP id 26FC38FC1B for ; Mon, 14 Apr 2008 17:10:38 +0000 (UTC) (envelope-from maksim.yevmenkin@gmail.com) Received: by fg-out-1718.google.com with SMTP id 16so1849756fgg.35 for ; Mon, 14 Apr 2008 10:10:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=dOyCmYXoUykjMcqXpyMorhl/qbyJpX6v/l6ql67wNl8=; b=MqWPARlexBjJBcLUFq7AAQWEWxjT5T21EKPEnpa8GB2cHgucEbAM5nYQiX2ewTGPYLRuHkwpfzDJBsC50q5EKVAYsfREF7LDaejkSAEV5W8IZH7NPUFg23EK9Ing8T9tHkphKuRmkXxKicXZNQF0NnyC5C71KtnpvM8EpSq9HmI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=jMmeFhaPuBMjM/i/4QWAu1OSf5KRpIQ2rbdziSJTy1m43lpDRQzSoeoDX4lyoay2wTY9IQwtNqBYIHTGzWQHmQV0Dou2DzbE0jOdlMDtElbxb2YYvMjpJeVChXoIAyKJKbEN2aspzr/2v7OxlSlxg7M81bD4fezZuUJktddCoVc= Received: by 10.86.27.9 with SMTP id a9mr13804140fga.62.1208191535920; Mon, 14 Apr 2008 09:45:35 -0700 (PDT) Received: by 10.86.71.15 with HTTP; Mon, 14 Apr 2008 09:45:33 -0700 (PDT) Message-ID: Date: Mon, 14 Apr 2008 09:45:33 -0700 From: "Maksim Yevmenkin" To: "=?ISO-8859-1?Q?Marc_L=F6rner?=" In-Reply-To: <200804141033.35918.marc.loerner@hob.de> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <200804141033.35918.marc.loerner@hob.de> Cc: freebsd-net@freebsd.org Subject: Re: problem in if_tap.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2008 17:10:39 -0000 On Mon, Apr 14, 2008 at 1:33 AM, Marc L=F6rner wrote: > Hello, > I found the following problem in the if_tap-device code in function tapc= reate > when used on 64-bit systems: > > TAPDEBUG("tapcreate(%s%d). minor =3D %#x\n", name, unit, minor(dev= )); > > /* generate fake MAC address: 00 bd xx xx xx unit_no */ > macaddr_hi =3D htons(0x00bd); > bcopy(&macaddr_hi, eaddr, sizeof(short)); > > ----> > bcopy(&ticks, &eaddr[2], sizeof(long)); > eaddr[5] =3D (u_char)unit; > > /* fill the rest and attach interface */ > > sizeof(long) is not always 4 on any system (e.g. on ia64 it's 8) > =3D> bytes are copied from undefined memory into undefined memory please try the following patch. if there is no objections, i will commit it beetle# diff -u if_tap.c.orig if_tap.c --- if_tap.c.orig 2007-04-05 10:58:39.000000000 -0700 +++ if_tap.c 2008-04-14 09:42:42.000000000 -0700 @@ -404,6 +404,7 @@ struct ifnet *ifp =3D NULL; struct tap_softc *tp =3D NULL; unsigned short macaddr_hi; + uint32_t macaddr_mid; int unit, s; char *name =3D NULL; u_char eaddr[6]; @@ -432,8 +433,9 @@ /* generate fake MAC address: 00 bd xx xx xx unit_no */ macaddr_hi =3D htons(0x00bd); + macaddr_mid =3D (uint32_t) ticks; bcopy(&macaddr_hi, eaddr, sizeof(short)); - bcopy(&ticks, &eaddr[2], sizeof(long)); + bcopy(&macaddr_mid, &eaddr[2], sizeof(uint32_t)); eaddr[5] =3D (u_char)unit; /* fill the rest and attach interface */ thanks, max