summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2015-03-23 09:44:18 -0400
committerRich Felker <dalias@aerifal.cx>2015-03-30 02:18:42 -0400
commitf0a5b139ef357858f06d70c7aac9bbe590114849 (patch)
treea1e46e704de2d1ca20cd284f8847295a6ee79497 /src
parentee6f8114dfc02709f5df7f19bff0d774aef50fce (diff)
downloadmusl-f0a5b139ef357858f06d70c7aac9bbe590114849.tar.gz
musl-f0a5b139ef357858f06d70c7aac9bbe590114849.tar.bz2
musl-f0a5b139ef357858f06d70c7aac9bbe590114849.tar.xz
musl-f0a5b139ef357858f06d70c7aac9bbe590114849.zip
fix internal buffer overrun in inet_pton
one stop condition for parsing abbreviated ipv6 addressed was missed, allowing the internal ip[] buffer to overflow. this patch adds the missing stop condition and masks the array index so that, in case there are any remaining stop conditions missing, overflowing the buffer is not possible. (cherry picked from commit fc13acc3dcb5b1f215c007f583a63551f6a71363)
Diffstat (limited to 'src')
-rw-r--r--src/network/inet_pton.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/network/inet_pton.c b/src/network/inet_pton.c
index 4496b47b..d36c3689 100644
--- a/src/network/inet_pton.c
+++ b/src/network/inet_pton.c
@@ -39,14 +39,15 @@ int inet_pton(int af, const char *restrict s, void *restrict a0)
for (i=0; ; i++) {
if (s[0]==':' && brk<0) {
brk=i;
- ip[i]=0;
+ ip[i&7]=0;
if (!*++s) break;
+ if (i==7) return 0;
continue;
}
for (v=j=0; j<4 && (d=hexval(s[j]))>=0; j++)
v=16*v+d;
if (j==0) return 0;
- ip[i] = v;
+ ip[i&7] = v;
if (!s[j] && (brk>=0 || i==7)) break;
if (i==7) return 0;
if (s[j]!=':') {