RepoMirrors
/
musl
mirror of git://git.musl-libc.org/musl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix internal buffer overrun in inet_pton 

one stop condition for parsing abbreviated ipv6 addressed was missed,
allowing the internal ip[] buffer to overflow. this patch adds the
missing stop condition and masks the array index so that, in case
there are any remaining stop conditions missing, overflowing the
buffer is not possible.
This commit is contained in:
Rich Felker 2015-03-23 09:44:18 -04:00
parent 7c8c86f630
commit fc13acc3dc
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/network/inet_pton.c
View File

@ -39,14 +39,15 @@ int inet_pton(int af, const char *restrict s, void *restrict a0)
for (i=0; ; i++) {
if (s[0]==':' && brk<0) {
brk=i;
ip[i]=0;
ip[i&7]=0;
if (!*++s) break;
if (i==7) return 0;
continue;
}
for (v=j=0; j<4 && (d=hexval(s[j]))>=0; j++)
v=16*v+d;
if (j==0) return 0;
ip[i] = v;
ip[i&7] = v;
if (!s[j] && (brk>=0 || i==7)) break;
if (i==7) return 0;
if (s[j]!=':') {