From 44b3cd4e09882a1835d9a686570624133cc1471e Mon Sep 17 00:00:00 2001
From: Valentin Sawadski
Date: Thu, 8 Oct 2015 17:18:26 +0200
Subject: [PATCH] Fixes a possible unsafe memcpy in uip_udp_packet_send
If the buffers overlap, memcpy must not be used as it might have arbitrary results. memmove() on the other hand is safe to use.
---
 core/net/ip/uip-udp-packet.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/core/net/ip/uip-udp-packet.c b/core/net/ip/uip-udp-packet.c
index 5cbf63763..923661709 100644
--- a/core/net/ip/uip-udp-packet.c
+++ b/core/net/ip/uip-udp-packet.c
@@ -54,9 +54,9 @@ uip_udp_packet_send(struct uip_udp_conn *c, const void *data, int len)
 if(data != NULL) {
 uip_udp_conn = c;
 uip_slen = len;
- memcpy(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data,
- len > UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN?
- UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN: len);
+ memmove(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data,
+ len > UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN?
+ UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN: len);
 uip_process(UIP_UDP_SEND_CONN);
 #if UIP_CONF_IPV6_MULTICAST
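Review bot: The length handed to `memmove` is still bounded only from above, and `uip_slen = len;` two lines earlier keeps the unclamped value. `len` is a signed `int`, so (assuming the `UIP_*` macros are plain int constants) a negative `len` falls through the ternary and is converted to a very large `size_t`; a `len` above the payload capacity is truncated in the copy while `uip_slen` still carries the full length into `uip_process`, whose use of it is not visible here. Rejecting out-of-range lengths up front removes both cases: `if(data != NULL && len >= 0 && len <= UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN) {` followed by a plain `memmove(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data, len);`. This turns an oversized send from a silent truncation into a drop, and the function body continues outside the hunk, so the non-send path should be checked before adopting it.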