diff options
author | Eric Wong <normalperson@yhbt.net> | 2012-07-13 17:20:01 -0700 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2012-07-13 17:20:01 -0700 |
commit | e594c55b95e49665ece6f026b9eac0891e8e56af (patch) | |
tree | 3c1cd808dcddcebd826f33669ff99989bc92a9a9 /rpatricia.gemspec | |
parent | 85ef3f28ad73ac6728cea9d6fc612fe9ab1110f9 (diff) | |
download | rpatricia-e594c55b95e49665ece6f026b9eac0891e8e56af.tar.gz |
patricia: fix bounds error in ascii2prefix for-tatsuya
When parsing network masks, we forget to update the length of the IP address before scanning it for ':' to detect if an address is IPv6 or not. This caused memchr to falsely detect ':' past the end of string (but not the allocated array) if the stack had a dirty ':' leftover. Falsely detecting ':' leads to AF_INET6 being passed to inet_pton() on some AF_INET (IPv4) addresses, causing a failure. Fortunately this bug could not cause a segfault or bus error (and thus went undetected by valgrind). The code was always accessing memory within the stack allocated in the "save" array of INET6_ADDRSTRLEN bytes.
Diffstat (limited to 'rpatricia.gemspec')
0 files changed, 0 insertions, 0 deletions