[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #51195] Calling inet_pton() causes buffer overrun on a
|
From: |
Dario Tedeschi |
|
Subject: |
[lwip-devel] [bug #51195] Calling inet_pton() causes buffer overrun on a struct in6_addr. |
|
Date: |
Tue, 6 Jun 2017 21:11:42 -0400 (EDT) |
|
User-agent: |
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0 |
URL:
<http://savannah.nongnu.org/bugs/?51195>
Summary: Calling inet_pton() causes buffer overrun on a
struct in6_addr.
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: zr5dt
Submitted on: Wed 07 Jun 2017 01:11:41 AM UTC
Category: IPv6
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: git head
_______________________________________________________
Details:
Since inet_pton is just a macro that wraps ip6addr_aton() the bug actually
resides in ip6addr_aton(). The end of that function calls
ip6_addr_clear_zone(), which writes to the 'zone' member of ip6_addr_t.
Unfortunately that is one byte more than sizeof(struct in6_addr), which is the
structure passed in a call to inet_pton(AF_INET6, ...).
Attached is a patch used to work around the problem (off commit
9dee34600028a3).
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Wed 07 Jun 2017 01:11:41 AM UTC Name: posix-socket-api.patch Size: 2kB
By: zr5dt
<http://savannah.nongnu.org/bugs/download.php?file_id=40869>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?51195>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [lwip-devel] [bug #51195] Calling inet_pton() causes buffer overrun on a struct in6_addr.,
Dario Tedeschi <=