From 4b0d5e081a263050732e652a77c308dd90c44372 Mon Sep 17 00:00:00 2001 From: Rasmus Villemoes Date: Thu, 8 Jun 2017 12:43:48 +0200 Subject: lib/xfrm/ae.c: fix memcpy(dst, dst) bug This is clearly not what was intended. While at it, drop the pointless cast of the allocator's return value, and use plain malloc since we're explicitly populating all len bytes immediately afterwards. --- lib/xfrm/ae.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/xfrm') diff --git a/lib/xfrm/ae.c b/lib/xfrm/ae.c index 8e82c9ad..011a6e52 100644 --- a/lib/xfrm/ae.c +++ b/lib/xfrm/ae.c @@ -174,9 +174,9 @@ static int xfrm_ae_clone(struct nl_object *_dst, struct nl_object *_src) if (src->replay_state_esn) { uint32_t len = sizeof (struct xfrmnl_replay_state_esn) + (sizeof (uint32_t) * src->replay_state_esn->bmp_len); - if ((dst->replay_state_esn = (struct xfrmnl_replay_state_esn*)calloc (1, len)) == NULL) + if ((dst->replay_state_esn = malloc (len)) == NULL) return -NLE_NOMEM; - memcpy (dst->replay_state_esn, dst->replay_state_esn, len); + memcpy (dst->replay_state_esn, src->replay_state_esn, len); } return 0; -- cgit v1.2.3