> CVSROOT: /cvs
> Module name: src
> Changes by: mill...@cvs.openbsd.org 2016/12/06 15:32:59
>
> Modified files:
>     lib/libc/net : linkaddr.c
>
> Log message:
> CVE-2016-6559: fix potential buffer overflow(s) in link_ntoa(3).
> A specially crafted struct sockaddr_dl argument can trigger a stack
> overflow of a static buffer in libc. An attacker may be able to
> use this to write to arbitrary locations in the data segment.
>
> From FreeBSD (glebius); OK deraadt@ mestre@
May I suggest a little change here? Decrement the remaining space in the last branch. --- linkaddr.c.old 2016-12-07 00:32:58.000000000 +0200 +++ linkaddr.c 2016-12-07 02:33:57.691586172 +0200 @@ -78,7 +78,7 @@ link_ntoa(const struct sockaddr_dl *sdl) if (rem < 2) break; *out++ = hexlist[i]; - rem++; + rem--; } } *out = 0;
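Review bot: In the last branch, the guard "if (rem < 2) break;" cannot bound anything while rem is incremented after "*out++ = hexlist[i];", because the remaining-space counter then grows with every byte stored; it has to shrink, so "rem--" is the correct direction. Two follow-ups are worth making in the same change. First, add a short comment saying that the "< 2" threshold for a one-byte store reserves the final byte for the terminating "*out = 0;", since that is not obvious from the check alone. Second, only this branch is visible in the hunk, so confirm that every other "*out++" store in link_ntoa() is paired with a matching decrement of rem and its own check before the store.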