Date: Tue, 10 Feb 2009 22:57:39 +0100
From: Roman Divacky
To: net@freebsd.org
Cc: mav@freebsd.org
Subject: unsafe C in netgraph/pppoed.c
Message-ID: <20090210215739.GA24102@freebsd.org>

hi

    struct pppoe_tag {
            u_int16_t tag_type;
            u_int16_t tag_len;
            char tag_data[];
    } __packed;

    struct pppoe_hdr {
            u_int8_t ver:4;
            u_int8_t type:4;
            u_int8_t code;
            u_int16_t sid;
            u_int16_t length;
            struct pppoe_tag tag[];
    } __packed;

this is inherently unsafe as the tag_data can only have 0 elements to be used safely. gcc compiles this without warning although there should be a big one.

I found this using clang, which produces this error/warning:

    lev pppoed$ ccc -c pppoed.c
    ccc: Unknown host 'freebsd', using generic host information.
    In file included from pppoed.c:41:
    /usr/include/netgraph/ng_pppoe.h:213:22: error: 'struct pppoe_tag' may not be used as an array element due to flexible array member
    struct pppoe_tag tag[];
                        ^
    1 diagnostic generated.

can you guys take a look at this issue?

thnx!

roman

p.s. please keep me CCed as I am not subscribed to net@
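
Added example, not part of the original message and not code from ng_pppoe.h or pppoed.c: it contrasts the offset that indexing tag[i] computes with the offset found by walking each tag_len with bounds checks. All ex_ names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EX_TAG_HDR_LEN 4u /* tag_type + tag_len: sizeof the packed struct pppoe_tag */

/* Constructed sample tag area: two tags, the first carrying 3 data bytes. */
static const uint8_t ex_sample[] = {
    0x01, 0x01, 0x00, 0x03, 'a', 'b', 'c', /* type 0x0101, len 3 */
    0x01, 0x03, 0x00, 0x02, 0xde, 0xad     /* type 0x0103, len 2 */
};

/* Tag fields are in network byte order on the wire. */
static uint16_t ex_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Offset that tag[i] resolves to: i * sizeof(struct pppoe_tag), tag_len ignored. */
size_t ex_indexed_offset(size_t i)
{
    return i * EX_TAG_HDR_LEN;
}

/* Offset of the i-th tag found by walking the tag_len fields, or -1 when a
 * header or its data would cross len (also when there are fewer than i+1 tags). */
long ex_walk_offset(const uint8_t *buf, size_t len, size_t i)
{
    size_t off = 0; /* invariant: off <= len */

    for (;;) {
        if (len - off < EX_TAG_HDR_LEN)
            return -1;
        size_t tlen = ex_be16(buf + off + 2);
        if (tlen > len - off - EX_TAG_HDR_LEN)
            return -1;
        if (i-- == 0)
            return (long)off;
        off += EX_TAG_HDR_LEN + tlen;
    }
}

int main(void)
{
    printf("tag[1] by indexing: offset %zu\n", ex_indexed_offset(1));
    printf("tag 1 by walking:   offset %ld\n",
        ex_walk_offset(ex_sample, sizeof(ex_sample), 1));
    return 0;
}
```

On the sample, indexing lands on the first tag's data bytes, while the walk lands on the second tag's header.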