On Sun, May 12, 2002 at 02:19:00AM +0400, Solar Designer wrote: > Alexander, -- I don't remember whether we have submitted other fixes > we have in the lftp package on Owl. I've attached the important > security fix now, don't know if it's still relevant to 2.5.1 (sorry; > just ignore it if it isn't). This patch is by Michail Litvak > <[EMAIL PROTECTED]>. > > switch(family) > { > case AF_INET: > + if(sizeof(add->in.sin_addr) != len) > + { > + addr_num--; > + return; > + } > memcpy(&add->in.sin_addr,address,len);
Thanks! I have applied the patch. I wonder, how this condition can be true? Is it related to dns server reply forgery? -- Alexander.