From: Rich Felker Date: Sun, 2 Sep 2018 21:08:43 +0000 (-0400) Subject: fix stack-based oob memory clobber in resolver's result sorting X-Git-Tag: v1.1.20~1 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=64466094ede4162ddd4049cea5da09feb9abfaa6;p=oweals%2Fmusl.git fix stack-based oob memory clobber in resolver's result sorting commit 4f35eb7591031a1e5ef9828f9304361f282f28b9 introduced this bug. it is not present in any released versions. inadvertent use of the & operator on an array into which we're indexing produced arithmetic on the wrong-type pointer, with undefined behavior. --- diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c index 0e6db9ef..1bce4347 100644 --- a/src/network/lookup_name.c +++ b/src/network/lookup_name.c @@ -394,7 +394,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c key |= DAS_USABLE; if (!getsockname(fd, sa, &salen)) { if (family == AF_INET) memcpy( - &sa6.sin6_addr.s6_addr+12, + sa6.sin6_addr.s6_addr+12, &sa4.sin_addr, 4); if (dscope == scopeof(&sa6.sin6_addr)) key |= DAS_MATCHINGSCOPE;
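Review bot: In the memcpy destination under `if (family == AF_INET)`, consider writing `&sa6.sin6_addr.s6_addr[12]` instead of `sa6.sin6_addr.s6_addr+12`, so the element type is explicit and a stray `&` on the array name cannot silently change the pointer arithmetic again. In the removed line `&sa6.sin6_addr.s6_addr+12` the operand is a pointer to the whole 16-byte array, so `+12` steps in units of 16 bytes and the 4-byte copy lands 192 bytes past the start of the address rather than at byte 12. The compiler accepts both forms without complaint because memcpy takes `void *`. A one-line comment that these are the last 4 bytes of an IPv4-mapped address would document the 12 and 4 constants. The visible context does not show where the first 12 bytes of `sa6.sin6_addr` are set, so it is worth confirming the mapped prefix is in place before `scopeof(&sa6.sin6_addr)` is evaluated.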