CVSROOT: /cvs
Module name: src
Changes by: flor...@cvs.openbsd.org 2021/01/19 09:43:44
Modified files:
lib/libc/net : inet_net_pton.c
Log message:
Prevent an overflow in inet_net_pton(3) when the passed in buffer is
too small in the AF_INET6 case.
Spotted by Brad House (brad AT brad-house.com) with the c-ares
regression test.
The man page says
Caution: The dst field should be zeroed before calling inet_net_pton() as
the function will only fill the number of bytes necessary to encode the
network number in network byte order.
Which seems to suggest that the function should work if the passed in
storage is big enough to hold the prefix, which might be smaller than
sizeof(in6_addr).
Input & OK tb
