[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Buffer overflow in ip_input.c?



Lines 193 and 1041: char buf[4*sizeof "123"];

Used for inet_ntoa, shouldn't this be 6*sizeof "123" just in case, and 
use the 'n' sprintf that checks the bytes to copy instead?  There'll 
probably never be an address that long in there, but Murphy's law...

Because we do have to squeeze in the dots and leave room for the NUL.



Visit your host, monkey.org