From f6d450a5e4054b7ac17b73fb5081a55479c327d6 Mon Sep 17 00:00:00 2001
From: Petr Machata <petrm@mellanox.com>
Date: Tue, 15 May 2018 00:59:59 +0300
Subject: mausezahn: Fix IPv6 address comparison

CMP_INT evaluates its arguments more than once, and thus passing a
post-incremented pointer as an argument causes double increments and
hence buffer overruns. This can be observed by erratic behavior of IPv6
address ranges. Fix by moving the increment to loop header.

Signed-off-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
---
 staging/tools.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/staging/tools.c b/staging/tools.c
index 9d2d1be..72445b6 100644
--- a/staging/tools.c
+++ b/staging/tools.c
@@ -233,8 +233,8 @@ int in6_addr_cmp(struct libnet_in6_addr addr1,
 	       *p2 = addr2.__u6_addr.__u6_addr32;
 	int i, val = 0;
 
-	for (i = 0; i < 4; i++) {
-		val = CMP_INT(ntohl(*p1++), ntohl(*p2++));
+	for (i = 0; i < 4; i++, p1++, p2++) {
+		val = CMP_INT(ntohl(*p1), ntohl(*p2));
 		if (val) {
 			break;
 		}
-- 
cgit v1.2.3-54-g00ecf