chao
/
linuxptp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

msg: Append multiple TLVs correctly. 

The logic that adds TLVs to the end of a message mixes up the 'L'
length in "TLV" with the total TLV length.  As a result, the second
and subsequent TLVs will corrupt the previous TLV in the buffer.  This
patch corrects the code to find the correct offset for the second and
following appended TLVs.

Note that the stack does not currently trigger this latent bug because
only single TLVs are appended.

Fixes: 4a8877f904 ("msg: Introduce method for appending multiple TLVs on transmit.")

Signed-off-by: Richard Cochran <richardcochran@gmail.com>
master
Richard Cochran 2018-04-02 20:19:51 -07:00
parent d8a9591dac
commit d14f11fd32
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
msg.c
View File

@ -151,6 +151,8 @@ static struct tlv_extra *msg_tlv_prepare(struct ptp_message *msg, int length)
tmp = TAILQ_LAST(&msg->tlv_list, tlv_list);
if (tmp) {
ptr = (uint8_t *) tmp->tlv;
ptr += sizeof(tmp->tlv->type);
ptr += sizeof(tmp->tlv->length);
ptr += tmp->tlv->length;
}