This analysis makes sense - I think using memcmp is clearly wrong here.

cheers

andrew

Jan Wieck said:
> On a second thought,
>
> I still believe that this is just garbage in the padding bytes after
> the IPV4 address. The code currently bind()'s and connect()'s
> explicitly to an AF_INET address. So all we ever should see is
> something from an AF_INET address. Everything else in the sin_family
> has to be discarded. I do not think it is allowed to bind() and
> connect() to an IPV4 address and then get anything other than an IPV4
> address back from the system. If that is the case, the whole idea is
> broken.
>
> An AF_INET address now has only two relevant fields, the sin_port and
> sin_addr. If they are the same, everything is fine. So the correct
> check would be that 1. fromlen > sizeof(sin_family), 2. sin_family ==
> AF_INET, 3. sin_port and sin_addr identical.
>
> After reading Kurt's quoting of the SUS manpage I have to agree with
> Tom in that we cannot skip the check entirely. It says it limits for
> recv() but we are using recvfrom() ... there might be a little
> difference on that platform ...
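
The three-step check described in the quoted message, next to the whole-struct memcmp() it would replace, as an added C example that is not from the original thread or from the project's code. The helper names, the 192.0.2.10:5432 peer and the pad bytes are constructed for illustration; step 1 is tightened here to require that fromlen covers sin_port and sin_addr, since both are read.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: 1 if `from` (as filled in by recvfrom(), `fromlen`
 * bytes valid) names the same IPv4 endpoint as `expected`, else 0. */
int same_inet_peer(const struct sockaddr_in *expected,
                   const void *from, socklen_t fromlen)
{
    struct sockaddr_in got;
    /* Bytes needed to cover sin_family, sin_port and sin_addr. */
    size_t need = offsetof(struct sockaddr_in, sin_addr) + sizeof(got.sin_addr);
    size_t n = (size_t) fromlen < sizeof(got) ? (size_t) fromlen : sizeof(got);

    if ((size_t) fromlen < need)
        return 0;                       /* 1. too short to hold the fields */
    memset(&got, 0, sizeof(got));
    memcpy(&got, from, n);              /* never read past what was returned */
    if (got.sin_family != AF_INET)
        return 0;                       /* 2. not an IPv4 address */
    return got.sin_port == expected->sin_port &&             /* 3. same port */
           got.sin_addr.s_addr == expected->sin_addr.s_addr; /*    and address */
}

/* Constructed sample: every byte set to `pad`, then the real fields filled in,
 * so `pad` stands in for whatever the system leaves in the padding. */
static struct sockaddr_in make_addr(int family, const char *ip,
                                    unsigned short port, int pad)
{
    struct sockaddr_in a;
    memset(&a, pad, sizeof(a));
    a.sin_family = (sa_family_t) family;
    a.sin_port = htons(port);
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}

/* Compares a constructed reply address against the peer 192.0.2.10:5432.
 * Bit 0: whole-struct memcmp() matches. Bit 1: same_inet_peer() matches. */
int demo(int family, const char *ip, unsigned short port, int pad, socklen_t len)
{
    struct sockaddr_in want = make_addr(AF_INET, "192.0.2.10", 5432, 0x00);
    struct sockaddr_in got = make_addr(family, ip, port, pad);
    return (memcmp(&want, &got, sizeof(want)) == 0) |
           (same_inet_peer(&want, &got, len) << 1);
}

int main(void) { return demo(AF_INET, "192.0.2.10", 5432, 0xAA, sizeof(struct sockaddr_in)) == 2 ? 0 : 1; }
```

A result of 2 from demo() is the case under discussion: the same peer with different padding bytes, which memcmp() rejects and the field-wise check accepts.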