IPv6 String Format Overflow

[Chase Douglas]

I've found the exact same bug as described here: http://sourceforge.net/mailarchive/forum.php?thread_name=46C64454.9040209%40linux.vnet.ibm.com&forum_name=net-snmp-coders 
, but in snmplib/snmpTCPIPv6Domain.c instead of snmplib/ 
snmpUDPIPv6Domain.c. The following patch solves the buffer overrun:

--- net-snmp-5.4.1/snmplib/snmpTCPIPv6Domain.c.orig     2008-06-16  
19:41:06.000000000 +0000
+++ net-snmp-5.4.1/snmplib/snmpTCPIPv6Domain.c  2008-06-16  
19:35:53.000000000 +0000
@@ -97,7 +97,7 @@
         return strdup("TCP/IPv6: unknown");
     } else {
         char addr[INET6_ADDRSTRLEN];
-        char tmp[INET6_ADDRSTRLEN + 8];
+        char tmp[INET6_ADDRSTRLEN + 18];
         sprintf(tmp, "TCP/IPv6: [%s]:%hd",
                 inet_ntop(AF_INET6, (void *) &(to->sin6_addr), addr,

Thanks
--

Chase Douglas
IBM Linux Technology Center
[EMAIL PROTECTED]
(614) 448-4086 T/L 268-7011



-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders