diff options
author | Alexey Izbyshev <izbyshev@ispras.ru> | 2023-01-26 14:47:39 +0300 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2023-02-12 17:42:37 -0500 |
commit | 7e13e5ae69a243b90b90d2f4b79b2a150f806335 (patch) | |
tree | 9ddb9075b4a043dabcdf556bc82ed2d144f898cf /src | |
parent | 7e6da7ac98efdc8167ed2d109298ba232a9a7ba3 (diff) | |
download | musl-7e13e5ae69a243b90b90d2f4b79b2a150f806335.tar.gz musl-7e13e5ae69a243b90b90d2f4b79b2a150f806335.tar.bz2 musl-7e13e5ae69a243b90b90d2f4b79b2a150f806335.tar.xz musl-7e13e5ae69a243b90b90d2f4b79b2a150f806335.zip |
inet_pton: fix uninitialized memory use for IPv4-mapped IPv6 addresses
When a dot is encountered, the loop counter is incremented before
exiting the loop, but the corresponding ip array element is left
uninitialized, so the subsequent memmove (if "::" was seen) and the
loop copying ip to the output buffer will operate on an uninitialized
uint16_t.
The uninitialized data never directly influences the control flow and
is overwritten on successful return by the second half of the parsed
IPv4 address. But it's better to fix this to avoid unexpected
transformations by a sufficiently smart compiler and reports from
UB-detection tools.
Diffstat (limited to 'src')
-rw-r--r-- | src/network/inet_pton.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/network/inet_pton.c b/src/network/inet_pton.c index d36c3689..bcbdd9ef 100644 --- a/src/network/inet_pton.c +++ b/src/network/inet_pton.c @@ -54,6 +54,7 @@ int inet_pton(int af, const char *restrict s, void *restrict a0) if (s[j]!='.' || (i<6 && brk<0)) return 0; need_v4=1; i++; + ip[i&7]=0; break; } s += j+1; |