Message42082
Logged In: YES
user_id=33168
ISTM that in socket_inet_ntop() you need to verify the size
of the packed value passed in. If the user passes an empty
string, inet_ntop() could read beyond the buffer passed in,
potentially causing a core dump.
The checks could be something like this:
if (af == AF_INET && len != sizeof(struct in_addr))
else if (af == AF_INET6 && len != sizeof(struct in6_addr))
Do this make sense? |
|
Date |
User |
Action |
Args |
2007-08-23 15:19:11 | admin | link | issue658327 messages |
2007-08-23 15:19:11 | admin | create | |
|