[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Buffer overflow in ip_input.c?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Buffer overflow in ip_input.c?
- From: James Buchanan <jamesb_(_dot_)_au_(_at_)_ozemail_(_dot_)_com_(_dot_)_au>
- Date: Tue, 29 Jul 2003 07:36:57 +1000
Lines 193 and 1041: char buf[4*sizeof "123"];
Used for inet_ntoa, shouldn't this be 6*sizeof "123" just in case, and
use the 'n' sprintf that checks the bytes to copy instead? There'll
probably never be an address that long in there, but Murphy's law...
Because we do have to squeeze in the dots and leave room for the NUL.