net: ipv6: Make sure we do not access link address past array length #90576

jukkar · 2025-05-26T07:33:18Z

It is possible to manually set link address length past 6 at runtime and trying to generate IPv6 IID address that way. This should fail as we could read two bytes past the address buffer. There is no issues in the copying as the target buffer has plenty of space.

Fixes #90544
Coverity-CID: 516232

It is possible to manually set link address length past 6 at runtime and trying to generate IPv6 IID address that way. This should fail as we could read two bytes past the address buffer. There is no issues in the copying as the target buffer has plenty of space. Coverity-CID: 516232 Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>

pdgendt approved these changes May 26, 2025

View reviewed changes

github-actions bot added the area: Networking label May 26, 2025

github-actions bot requested review from rlubos and ssharks May 26, 2025 07:34

github-actions bot assigned rlubos May 26, 2025

rlubos approved these changes May 26, 2025

View reviewed changes

kartben merged commit e44ed8d into zephyrproject-rtos:main May 28, 2025
26 checks passed

jukkar deleted the fix/90544/coverity-out-of-bounds-ipv6 branch May 28, 2025 08:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

net: ipv6: Make sure we do not access link address past array length #90576

net: ipv6: Make sure we do not access link address past array length #90576

jukkar commented May 26, 2025

Uh oh!

Uh oh!

Uh oh!

net: ipv6: Make sure we do not access link address past array length #90576

net: ipv6: Make sure we do not access link address past array length #90576

Conversation

jukkar commented May 26, 2025

Uh oh!

Uh oh!

Uh oh!