addrtoname.c:getname() does not check its argument. Assuming the argument is e.g. NULL
and the function is called leads to a segmentation fault in memcpy().
This is problematic since it is heavily used, either as getname() or ipaddr_string().
I found at least one place where this bug can be triggered, that is in print-isakmp.c:isakmp_id_print() line 707.
If I'm not wrong, this problem affects all versions, including CVS. A patch is attached.
thanks, jonathan heusser
-- Key fingerprint = 2A55 EB7C B7EA 6336 7767 4A47 910A 307B 1333 BD6C
--- addrtoname.c.old Fri Feb 13 17:29:54 2004 +++ addrtoname.c Fri Feb 13 17:32:45 2004 @@ -203,6 +203,10 @@ u_int32_t addr; static struct hnamemem *p; /* static for longjmp() */ + if(!TTEST2(*ap, sizeof(addr))) { + return NULL; + } + memcpy(&addr, ap, sizeof(addr)); p = &hnametable[addr & (HASHNAMESIZE-1)]; for (; p->nxt; p = p->nxt) {
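Review bot: the new early return makes getname() hand back NULL on a failed TTEST2(), yet the report itself says the function is heavily used via ipaddr_string(), whose callers use the result as a string; without auditing those callers this moves the crash from memcpy() into the first caller that dereferences the return value. Consider returning a fixed placeholder string from the failure path instead of NULL, and keep in mind that TTEST2() is a check against the captured snapshot boundary, so it guards truncated captures rather than an arbitrary bad pointer specifically. Minor style point: the surrounding code writes `if (` with a space, so `+ if(!TTEST2(*ap, sizeof(addr))) {` should follow suit.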
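The defect and its fix side by side, as an added example that is not part of the original post or of tcpdump: an unchecked 4-byte read of the kind described above, next to a lookup that first checks the pointer against the captured bytes (a constructed stand-in shaped like tcpdump's TTEST2(), with stand-ins for its packetp/snapend globals) and returns a placeholder string, never NULL, when the check fails. The sample packet bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the capture window (tcpdump keeps these in
 * global variables; the names here are assumptions for this example). */
static const unsigned char *packetp;   /* first captured byte */
static const unsigned char *snapend;   /* one past the last captured byte */

static void set_capture(const unsigned char *start, size_t caplen)
{
    packetp = start;
    snapend = start + caplen;
}

/* Bounds check in the shape of TTEST2(): is [p, p+len) inside the captured
 * bytes? NULL, pointers before the packet and reads past snapend all fail. */
static int in_capture(const void *p, size_t len)
{
    const unsigned char *q = (const unsigned char *)p;
    return q != NULL && q >= packetp && q <= snapend
        && len <= (size_t)(snapend - q);
}

/* 'before': mirrors the reported defect. memcpy() reads four bytes from
 * whatever ap points at, with no check at all. */
static uint32_t addr_unchecked(const void *ap)
{
    uint32_t addr;
    memcpy(&addr, ap, sizeof(addr));
    return addr;
}

/* 'after': check first, then read. On failure return a fixed string rather
 * than NULL, so callers that print the result with "%s" stay safe. */
static const char *ipaddr_string_safe(const void *ap, char *buf, size_t buflen)
{
    uint32_t addr;
    if (!in_capture(ap, sizeof(addr)))
        return "[|truncated]";
    memcpy(&addr, ap, sizeof(addr));
    const unsigned char *b = (const unsigned char *)&addr;
    snprintf(buf, buflen, "%u.%u.%u.%u", b[0], b[1], b[2], b[3]);
    return buf;
}

/* Constructed sample: two IPv4 addresses back to back. */
static const unsigned char pkt[] = { 10, 0, 0, 1, 192, 168, 1, 1 };
```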