From f09fbc237e159f5d5d71a11b9eb97462ffb5694f Mon Sep 17 00:00:00 2001
From: Guillem Jover <gjover@sipwise.com>
Date: Tue, 21 Sep 2021 16:06:41 +0200
Subject: [PATCH] TT#142600 Fix buffer overflow on memcpy

We are copying an IPv4 address which is 32-bit, while a MAC address is 6
byte long. Use the proper size in memcpy to avoid an buffer overflow and
an out of bounds variable read.

Change-Id: Iebcee588a5d5a37af6a7ad5caa27edd85804bfc9
Warned-by: gcc
---
 functions.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions.c b/functions.c
index fbca857..29ac125 100644
--- a/functions.c
+++ b/functions.c
@@ -643,7 +643,7 @@ int build_packet(int pkt_type)
 		u_int32_t ip_addr_tmp;
 		ip_addr_tmp = htonl(ip_address);
 		memcpy(arph->sender_mac, dhmac, ETHER_ADDR_LEN);
-		memcpy(arph->sender_ip, (u_char *)&ip_addr_tmp, ETHER_ADDR_LEN);
+		memcpy(arph->sender_ip, (u_char *)&ip_addr_tmp, IP_ADDR_LEN);
 		memcpy(arph->target_mac, arp_hg->sender_mac, ETHER_ADDR_LEN);
 		memcpy(arph->target_ip, arp_hg->sender_ip, IP_ADDR_LEN);
 	} else if(ICMP_SEND) {