From 5efaa8d7799347dfae38333b1fd6e1a87dc76b28 Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Sat, 16 Jun 2012 20:09:04 -0700
Subject: [PATCH] msg: fix buffer overflow in ipv6 addr parsing
Noticed because of failing i386 unit tests for long addrs; x86_64 passed fine. Sigh. FTR, the failing address was 2001:0db8:85a3:0000:0000:8a2e:0370:7334 Sadly the full length addrs don't turn it up on x86_64, still, nor does valgrind notice. But, this fixes it on i386.
Signed-off-by: Sage Weil
---
 src/msg/msg_types.cc | 2 +-
 src/test/test_addrs.cc | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/msg/msg_types.cc b/src/msg/msg_types.cc
index 676adbab9c2..5c22dc8d664 100644
--- a/src/msg/msg_types.cc
+++ b/src/msg/msg_types.cc
@@ -69,7 +69,7 @@ bool entity_addr_t::parse(const char *s, const char **end)
 }
 *o = 0;
- char buf6[39];
+ char buf6[64]; // actually 39 + null is sufficient.
 o = buf6;
 p = start;
 while (o < buf6 + sizeof(buf6) &&
diff --git a/src/test/test_addrs.cc b/src/test/test_addrs.cc
index d7a693255c3..8cb3d4d7ab9 100644
--- a/src/test/test_addrs.cc
+++ b/src/test/test_addrs.cc
@@ -32,6 +32,7 @@ const char *addr_checks[][3] = {
 { "[2607:f298:4:2243::5522]a", "[2607:f298:4:2243::5522]:0/0", "a" },
 { "[2607:f298:4:2243::5522]:1234a", "[2607:f298:4:2243::5522]:1234/0", "a" },
 { "2001:0db8:85a3:0000:0000:8a2e:0370:7334", "[2001:db8:85a3::8a2e:370:7334]:0/0", "" },
+ { "2001:2db8:85a3:4334:4324:8a2e:1370:7334", "[2001:2db8:85a3:4334:4324:8a2e:1370:7334]:0/0", "" },
 { "::", "[::]:0/0", "" },
 { "::zz", "[::]:0/0", "zz" },
 { ":: 12:34", "[::]:0/0", " 12:34" },
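Review bot: Enlarging `buf6` to 64 bytes moves the overflow rather than removing it, if the copy loop is followed by an unconditional `*o = 0;` as the preceding loop visible in the context is. The bound `o < buf6 + sizeof(buf6)` lets the loop fill every byte, so the terminator then lands one past the array; that is the off-by-one a 39-character address exposed with 39 bytes, and an input with 64 or more accepted characters would reach it again. Reserving room for the terminator in the condition, `while (o < buf6 + sizeof(buf6) - 1 &&`, makes the write safe for any buffer size, and the buffer filled just above the hunk appears to need the same change. The loop body and the terminating store for `buf6` are outside the hunk, so this should be confirmed against the full function.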
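Review bot: The added 39-character row in `addr_checks` only detects the overflow where the stack layout happens to expose it, which matches the commit message's remark that x86_64 and valgrind stay silent. Memcheck does not bounds-check individual stack arrays, so running this test in a compiler-instrumented build (for example `-fsanitize=address`) would report the out-of-bounds store regardless of architecture. A row whose address part is longer than the buffer would exercise the loop bound itself. Its expected output depends on how `parse()` handles the excess characters, which cannot be determined from this hunk.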