From nobody@FreeBSD.org  Tue Oct 23 19:02:03 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2FBCAC09
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 23 Oct 2012 19:02:03 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id B7C158FC12
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 23 Oct 2012 19:02:02 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.5/8.14.5) with ESMTP id q9NJ2297060866
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 23 Oct 2012 19:02:02 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.5/8.14.5/Submit) id q9NJ22rm060863;
	Tue, 23 Oct 2012 19:02:02 GMT
	(envelope-from nobody)
Message-Id: <201210231902.q9NJ22rm060863@red.freebsd.org>
Date: Tue, 23 Oct 2012 19:02:02 GMT
From: Jens Wiatrowski <wiatro@gmx.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: data type size problem in if_spppsubr.c
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         173002
>Category:       kern
>Synopsis:       [net] [patch] data type size problem in if_spppsubr.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-net
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 23 19:10:00 UTC 2012
>Closed-Date:    
>Last-Modified:  Sun Apr 20 02:43:34 UTC 2014
>Originator:     Jens Wiatrowski
>Release:        FreeBSD-8.2
>Organization:
>Environment:
FreeBSD merlin 8.2-RELEASE FreeBSD 8.2-RELEASE #5: Tue Oct 23 18:37:46 MEST 2012     wiatro@merlin:/usr/src/freebsd-8.2-amd64/sys/amd64/compile/MERLIN  amd64
>Description:
Because cmd in struct spppreq (/usr/include/net/if_sppp.h) is an int,
fuword32() should be used instead of fuword() in sys/net/if_spppsubr.c, line 5133, I think.
>How-To-Repeat:
Use /sbin/spppcontrol on a 64bit machine.
>Fix:
Apply the patch I've appended.
Or change the type of cmd in struct spppreq to unsigned long.

Patch attached with submission follows:

*** sys/net/if_spppsubr.c.orig	Tue Oct 23 18:47:42 2012
--- sys/net/if_spppsubr.c	Tue Oct 23 18:46:27 2012
***************
*** 5130,5136 ****
  	 * Check the cmd word first before attempting to fetch all the
  	 * data.
  	 */
! 	if ((subcmd = fuword(ifr->ifr_data)) == -1) {
  		rv = EFAULT;
  		goto quit;
  	}
--- 5130,5136 ----
  	 * Check the cmd word first before attempting to fetch all the
  	 * data.
  	 */
! 	if ((subcmd = fuword32(ifr->ifr_data)) == -1) {
  		rv = EFAULT;
  		goto quit;
  	}


>Release-Note:
>Audit-Trail:

From: Eitan Adler <lists@eitanadler.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: kern/173002: data type size problem in if_spppsubr.c
Date: Tue, 23 Oct 2012 18:08:15 -0400

 --047d7b2e40bebb1d9404ccc13653
 Content-Type: text/plain; charset=UTF-8
 
 ---------- Forwarded message ----------
 From: Jens Wiatrowski <wiatro@gmx.net>
 Date: 23 October 2012 16:40
 Subject: Re: Re: kern/173002: data type size problem in if_spppsubr.c
 To: Eitan Adler <lists@eitanadler.com>
 
 
         Hello Eitan,
 
 >
 >please send the output of "diff -u" (unified diff) - this makes it
 >more likely someone will look at the patch
 >
 Attached.
 
         Regards
 
                 Jens
 
 
 -- 
 Eitan Adler
 
 --047d7b2e40bebb1d9404ccc13653
 Content-Type: application/x-patch-file; name="if_spppsubr.c.patch"
 Content-Disposition: attachment; filename="if_spppsubr.c.patch"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: ce731ba23a9a350e_0.1
 
 LS0tIHN5cy9uZXQvaWZfc3BwcHN1YnIuYy5vcmlnCTIwMTItMTAtMjMgMTg6NTI6MTMuMDAwMDAw
 MDAwICswMjAwCisrKyBzeXMvbmV0L2lmX3NwcHBzdWJyLmMJMjAxMi0xMC0yMyAxODo1MjoyMy4w
 MDAwMDAwMDAgKzAyMDAKQEAgLTUxMzAsNyArNTEzMCw3IEBACiAJICogQ2hlY2sgdGhlIGNtZCB3
 b3JkIGZpcnN0IGJlZm9yZSBhdHRlbXB0aW5nIHRvIGZldGNoIGFsbCB0aGUKIAkgKiBkYXRhLgog
 CSAqLwotCWlmICgoc3ViY21kID0gZnV3b3JkKGlmci0+aWZyX2RhdGEpKSA9PSAtMSkgeworCWlm
 ICgoc3ViY21kID0gZnV3b3JkMzIoaWZyLT5pZnJfZGF0YSkpID09IC0xKSB7CiAJCXJ2ID0gRUZB
 VUxUOwogCQlnb3RvIHF1aXQ7CiAJfQo=
 --047d7b2e40bebb1d9404ccc13653--
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Oct 30 15:10:40 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=173002 
>Unformatted:
