fix stack-based oob memory clobber in resolver's result sorting
author Rich Felker <dalias@aerifal.cx>
Sun, 2 Sep 2018 21:08:43 +0000 (17:08 -0400)
committer Rich Felker <dalias@aerifal.cx>
Sun, 2 Sep 2018 21:08:43 +0000 (17:08 -0400)
commit 4f35eb7591031a1e5ef9828f9304361f282f28b9 introduced this bug.
it is not present in any released versions. inadvertent use of the &
operator on an array into which we're indexing produced arithmetic on
the wrong-type pointer, with undefined behavior.

src/network/lookup_name.c

index 0e6db9ef0f78c835beca00e0034120d6b183932a..1bce43471c8231476e485a91b6c169a735e597eb 100644 (file)
@@ -394,7 +394,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c
                                key |= DAS_USABLE;
                                if (!getsockname(fd, sa, &salen)) {
                                        if (family == AF_INET) memcpy(
-                                               &sa6.sin6_addr.s6_addr+12,
+                                               sa6.sin6_addr.s6_addr+12,
                                                &sa4.sin_addr, 4);
                                        if (dscope == scopeof(&sa6.sin6_addr))
                                                key |= DAS_MATCHINGSCOPE;
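
Review bot: the memcpy destination on the + line now depends on array-to-pointer decay to get byte arithmetic, which is correct but one stray & away from the old bug. Writing it as &sa6.sin6_addr.s6_addr[12] would make the element index explicit. With the & on the whole array, the operand had type pointer-to-array-of-16-bytes, so +12 advanced 12 * 16 = 192 bytes rather than 12, which puts the 4-byte copy outside sa6 and matches the stack clobber the commit message describes. Since the mistake compiles cleanly when the destination parameter is void *, it is also worth checking the rest of this function for any other &...s6_addr+N expression introduced by the same earlier commit, and using sizeof sa4.sin_addr in place of the literal 4 so the length stays tied to the source object.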