lwip-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #51195] Calling inet_pton() causes buffer overrun on a


From: Dario Tedeschi
Subject: [lwip-devel] [bug #51195] Calling inet_pton() causes buffer overrun on a struct in6_addr.
Date: Tue, 6 Jun 2017 21:11:42 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0

URL:
  <http://savannah.nongnu.org/bugs/?51195>

                 Summary: Calling inet_pton() causes buffer overrun on a
struct in6_addr.
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: zr5dt
            Submitted on: Wed 07 Jun 2017 01:11:41 AM UTC
                Category: IPv6
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head

    _______________________________________________________

Details:

Since inet_pton is just a macro that wraps ip6addr_aton() the bug actually
resides in ip6addr_aton(). The end of that function calls  
ip6_addr_clear_zone(), which writes to the 'zone' member of ip6_addr_t.
Unfortunately that is one byte more than sizeof(struct in6_addr), which is the
structure passed in a call to inet_pton(AF_INET6, ...).

Attached is a patch used to work around the problem (off commit
9dee34600028a3).



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 07 Jun 2017 01:11:41 AM UTC  Name: posix-socket-api.patch  Size: 2kB
  By: zr5dt

<http://savannah.nongnu.org/bugs/download.php?file_id=40869>

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?51195>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]