subject:"buffer overflow in inet_ntop4"

Re: buffer overflow in inet_ntop4

2014-05-17 Thread Ted Unangst

On Sat, May 17, 2014 at 11:00, enh wrote: inet_ntop4 incorrectly mixes a user-supplied size with a self-supplied buffer: inet_ntop4(const u_char *src, char *dst, size_t size) ... char tmp[sizeof 255.255.255.255]; ... l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]);

Re: buffer overflow in inet_ntop4

2014-05-17 Thread Stefan Sperling

On Sat, May 17, 2014 at 02:18:22PM -0400, Ted Unangst wrote: On Sat, May 17, 2014 at 11:00, enh wrote: inet_ntop4 incorrectly mixes a user-supplied size with a self-supplied buffer: inet_ntop4(const u_char *src, char *dst, size_t size) ... char tmp[sizeof 255.255.255.255];