pppd: fix memcpy overlap (#579)

LGA1150 · web-flow · commit f8d994052e38 · 2026-03-05T08:41:30.000+11:00
memcpy() with overlapping src and dest buffers is an undefined behavior in C. In the current code, a ConfRej response is generated by copying input data in-place, where the dest address is lower than the src. This happens to work in practice because memcpy() forward-copies data, matching the behavior of memmove() in this case. However, if FORTIFY_SOURCE or Address Sanitizer is enabled, memcpy() will detect the overlap at run time and abort the program. Replace the memcpy() with memmove() to ensure a well-defined behavior. Reported-by: Filippo Carletti <filippo.carletti@gmail.com> Closes: #576 Signed-off-by: Qingfang Deng <dqfext@gmail.com>
diff --git a/pppd/pppd-private.h b/pppd/pppd-private.h
@@ -531,7 +531,7 @@ int parse_dotted_ip(char *, u_int32_t *);
 #define TIMEOUT(r, f, t)	ppp_timeout((r), (f), (t), 0)
 #define UNTIMEOUT(r, f)		ppp_untimeout((r), (f))
 
-#define BCOPY(s, d, l)		memcpy(d, s, l)
+#define BCOPY(s, d, l)		memmove(d, s, l)
 #define BZERO(s, n)		memset(s, 0, n)
 #define	BCMP(s1, s2, l)		memcmp(s1, s2, l)
 
