Hello,

Recently we did a static code analysis of the IGMP proxy code, and we believe we've found a bug in one of the modules. We'd like to send the fix upstream; please find attached our patch for the bug.

The bug is a problem with memory management on line 244 of the config.c module. A buffer is allocated that is always one byte too small for the data that is placed in it.

Thanks for your work with the IGMP proxy.

Regards,
Joe Walsh

--
genua Gesellschaft fuer Netzwerk- und Unix-Administration mbH
Domagkstrasse 7, 85551 Kirchheim bei Muenchen
tel +49 89 991950-0, fax -999, www.genua.de
Geschaeftsfuehrer: Dr. Magnus Harlander, Dr. Michaela Harlander, Bernhard Schneck. Amtsgericht Muenchen HRB 98238
--- config.c Mon Jun 3 16:16:30 2013 +++ config.c Mon Jun 3 18:44:21 2013 @@ -241,11 +241,10 @@ tmpPtr->allowednets = NULL; // Make a copy of the token to store the IF name - tmpPtr->name = (char *)malloc( sizeof(char) * strlen(token) ); + tmpPtr->name = strdup(token); if(tmpPtr->name == NULL) { log(LOG_ERR, 0, "Out of memory."); } - strcpy(tmpPtr->name, token); // Set the altnet pointer to the allowednets pointer. anetPtr = &tmpPtr->allowednets;
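Review bot: The NULL branch after `tmpPtr->name = strdup(token);` only calls log(LOG_ERR, 0, "Out of memory.") and the visible code then continues to `anetPtr = &tmpPtr->allowednets;`, so unless log() at LOG_ERR is guaranteed not to return, the function proceeds with a NULL name; return an error from that branch explicitly rather than relying on the logger. Also, strdup() is POSIX rather than ISO C, so confirm config.c gets its prototype from <string.h> under the feature-test macros this build uses, since an implicit declaration would treat the result as int and can truncate the pointer on 64-bit targets. The replacement itself is sound: the removed malloc( sizeof(char) * strlen(token) ) left no room for the terminating NUL that the removed strcpy wrote, which is the one-byte overflow the report describes.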