Fix buffer overflow in Vlan_SetMacAddr from int/ULONG type mismatch

[Copilot]

The Vlan_SetMacAddr function declares add as int but casts it to ULONG* when calling Vlan_GetEthLinkMacOffSet. On 64-bit systems, this writes 8 bytes to a 4-byte location, corrupting the adjacent number variable.

Example impact:

• MAC 00:33:44:22:00:88 → number = 0x3344220088
• After Vlan_GetEthLinkMacOffSet(pEntry, (PULONG)&add) with offset 0
• number corrupted to 0x3300000000 (lower 4 bytes overwritten)

Changes:

• Changed add from int to ULONG to match function signature
• Removed unnecessary cast from (PULONG)&add to &add

- int add = 0;
+ ULONG add = 0;
  
- if (Vlan_GetEthLinkMacOffSet(pEntry, (PULONG)&add) == ANSC_STATUS_FAILURE)
+ if (Vlan_GetEthLinkMacOffSet(pEntry, &add) == ANSC_STATUS_FAILURE)

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• esm.ubuntu.com
  • Triggering command: /usr/lib/apt/methods/https (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Vlan_SetMacAddr forced type conversion out of bounds</issue_title>
<issue_description>### Problem/Opportunity

Vlan_SetMacAddr in valn_apis.c forced type conversion out of bounds when do Vlan_GetEthLinkMacOffset to forced int add to ULONG add tranversion.

Steps to reproduce

1 supposed the mac get in platform_hal_GetBaeMacAddress is "00:33:44:22:00:88"
2 number will be 3344220088
3 after do Vlan_GetEthLinkMacOffSet, the add is forced to transversion to ULONG type, supposed the add is 0
4 print the number value ,it will be 3300000000, because four bytes of number were overwritten by the forced type conversion of add.

Expected Behavior

1 supposed the mac get in platform_hal_GetBaeMacAddress is "00:33:44:22:00:88"
2 number will be 3344220088
3 after do Vlan_GetEthLinkMacOffSet
4 print the number value ,it should still be 3344220088

Actual Behavior

1 supposed the mac get in platform_hal_GetBaeMacAddress is "00:33:44:22:00:88"
2 number will be 3344220088
3 after do Vlan_GetEthLinkMacOffSet, the add is forced to transversion to ULONG type, supposed the add is 0
4 print the number value ,it will be 3300000000, because four bytes of number were overwritten by the forced type conversion of add.

Notes (Optional)

No response</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Vlan_SetMacAddr forced type conversion out of bounds #24

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[rdkcmf-jenkins]

b'## Copyright scan failure
Commit: 64f01e4
Report detail: https://gist.github.com/rdkcmf-jenkins/aba33c99845ceff910c69ee64ea44451'

[rdkcmf-jenkins]

b'## Copyright scan failure
Commit: 25c0651
Report detail: https://gist.github.com/rdkcmf-jenkins/608138acde4e0ee4df6e368414871ff2'

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 3 files pending identification.

• Protex Server Path: /home/blackduck/github/vlan-manager/28/rdkcentral/RdkVlanBridgingManager

• Commit: 25c0651

Report detail: gist'

[rdkcmf-jenkins]

b'## Copyright scan failure
Commit: 25c0651
Report detail: https://gist.github.com/rdkcmf-jenkins/f4170ab37080869b643800c6730ecd79'

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 3 files pending identification.

• Protex Server Path: /home/blackduck/github/vlan-manager/28/rdkcentral/RdkVlanBridgingManager

• Commit: 25c0651

Report detail: gist'

[rdkcmf-jenkins]

b'## Copyright scan failure
Commit: 25c0651
Report detail: https://gist.github.com/rdkcmf-jenkins/072a42e21168c8f0f54201c4d4d9d52d'

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 3 files pending identification.

• Protex Server Path: /home/blackduck/github/vlan-manager/28/rdkcentral/RdkVlanBridgingManager

• Commit: 25c0651

Report detail: gist'

[rdkcmf-jenkins]

b'## Copyright scan failure
Commit: 25c0651
Report detail: https://gist.github.com/rdkcmf-jenkins/aaf692ff3e7c772de9694fee73fc3484'

[rdkcmf-jenkins]

b'## Copyright scan failure
Commit: 25c0651
Report detail: https://gist.github.com/rdkcmf-jenkins/c7b86fa050fb84fbfb32b7fb83cd947d'

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 3 files pending identification.

• Protex Server Path: /home/blackduck/github/vlan-manager/28/rdkcentral/RdkVlanBridgingManager

• Commit: 25c0651

Report detail: gist'

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 3 files pending identification.

• Protex Server Path: /home/blackduck/github/vlan-manager/28/rdkcentral/RdkVlanBridgingManager

• Commit: 25c0651

Report detail: gist'

[S-Parthiban-Selvaraj]

Remove temporary files.

[Copilot]

Pull Request Overview

This PR fixes a critical buffer overflow vulnerability in Vlan_SetMacAddr caused by a type mismatch. The add variable was declared as int (4 bytes) but passed by reference to a function expecting ULONG* (8 bytes on 64-bit systems), causing memory corruption of adjacent variables.

Key changes:

• Changed add variable type from int to ULONG to match the expected function signature
• Removed unnecessary cast from (PULONG)&add to &add

Reviewed Changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
source/TR-181/middle_layer_src/vlan_apis.c	Fixed type mismatch by changing add from int to ULONG and removed unnecessary cast
cfg/missing	Added GNU automake utility script (build infrastructure)
cfg/install-sh	Added GNU install script (build infrastructure)
cfg/depcomp	Added dependency tracking script (build infrastructure)
_codeql_detected_source_root	Added CodeQL source root marker file

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.