Module Name: src Committed By: christos Date: Sun Mar 6 16:00:20 UTC 2011
Modified Files: src/lib/libc/inet: inet_net_pton.c Log Message: Check bits on each loop to prevent integer oveflow. Reported by Maksymilian Arciemowicz To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/lib/libc/inet/inet_net_pton.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libc/inet/inet_net_pton.c diff -u src/lib/libc/inet/inet_net_pton.c:1.1 src/lib/libc/inet/inet_net_pton.c:1.2 --- src/lib/libc/inet/inet_net_pton.c:1.1 Thu May 20 19:13:02 2004 +++ src/lib/libc/inet/inet_net_pton.c Sun Mar 6 11:00:20 2011 @@ -20,7 +20,7 @@ #if 0 static const char rcsid[] = "Id: inet_net_pton.c,v 1.4.2.1 2002/08/02 02:17:21 marka Exp "; #else -__RCSID("$NetBSD: inet_net_pton.c,v 1.1 2004/05/20 23:13:02 christos Exp $"); +__RCSID("$NetBSD: inet_net_pton.c,v 1.2 2011/03/06 16:00:20 christos Exp $"); #endif #endif @@ -145,12 +145,12 @@ INSIST(n >= 0 && n <= 9); bits *= 10; bits += n; + if (bits > 32) + goto emsgsize; } while ((ch = *src++) != '\0' && isascii((u_char)ch) && isdigit((u_char)ch)); if (ch != '\0') goto enoent; - if (bits > 32) - goto emsgsize; } /* Firey death and destruction unless we prefetched EOS. */