On Sun, May 12, 2002 at 02:19:00AM +0400, Solar Designer wrote:
> Alexander, -- I don't remember whether we have submitted other fixes
> we have in the lftp package on Owl. I've attached the important
> security fix now, don't know if it's still relevant to 2.5.1 (sorry;
> just ignore it if it isn't). This patch is by Michail Litvak
> <[EMAIL PROTECTED]>.
>
> switch(family)
> {
> case AF_INET:
> + if(sizeof(add->in.sin_addr) != len)
> + {
> + addr_num--;
> + return;
> + }
> memcpy(&add->in.sin_addr,address,len);
Thanks! I have applied the patch. I wonder, how this condition can be true?
Is it related to dns server reply forgery?
--
Alexander.
