summaryrefslogtreecommitdiff
blob: eebe4a23b304fbb31bd7b969964f0986c8a991cd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
fixes a bug where sizeof was being used on a pointer when they clearly
meant to use the size of the array referred to. Fortunately, the amount is
always smaller than the actual size of the buffer, so likely not a security issue
(and was fixed in vmware-workstaiton 10

diff -rupN vmnet-only/hub.c vmnet-only.new/hub.c
--- vmnet-only/hub.c	2013-11-06 00:40:52.000000000 -0500
+++ vmnet-only.new/hub.c	2014-10-07 18:45:34.403918680 -0400
@@ -129,7 +129,7 @@ VNetHubFindHubByID(uint8 idNum[VNET_PVN_
 {
    VNetHub *currHub = vnetHub;
    while (currHub && (currHub->hubType != HUB_TYPE_PVN ||
-		      memcmp(idNum, currHub->id.pvnID, sizeof idNum))) {
+		      memcmp(idNum, currHub->id.pvnID, VNET_PVN_ID_LEN))) {
       currHub = currHub->next;
    }
    return currHub;
@@ -312,7 +312,7 @@ VNetHubAlloc(Bool allocPvn, // IN: TRUE
 
       if (allocPvn) {
 	 hub->hubType = HUB_TYPE_PVN;
-	 memcpy(hub->id.pvnID, id, sizeof id);
+	 memcpy(hub->id.pvnID, id, VNET_PVN_ID_LEN);
 	 ++pvnInstance;
       } else {
 	 hub->hubType = HUB_TYPE_VNET;