[Bug 173002] [net] data type size problem in if_spppsubr.c

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 29 Oct 2024 09:11:58 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=173002

Zhenlei Huang <zlei@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zlei@FreeBSD.org

--- Comment #5 from Zhenlei Huang <zlei@FreeBSD.org> ---
Actually user space `struct spppreq spr` is not explicitly zeroed [1], so
`fuword() / fueword()` can read garbage into kernel space. I guess
/sbin/spppcontrol will get error EINVAL occasionally on a 64bit platforms.

As this is an old report, not sure if the reporter Jens can confirm this.

1.
https://cgit.freebsd.org/src/tree/sbin/spppcontrol/spppcontrol.c?h=stable/13#n63

-- 
You are receiving this mail because:
You are the assignee for the bug.