Date: Wed, 17 Dec 2008 14:21:49 +0000 (UTC)
From: Hajimu UMEMOTO <ume@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org
Subject: svn commit: r186226 - stable/6/lib/libc/inet
Message-ID: <200812171421.mBHELnY6006188@svn.freebsd.org>
Author: ume Date: Wed Dec 17 14:21:49 2008 New Revision: 186226 URL: http://svn.freebsd.org/changeset/base/186226 Log: MFC 186090 inet_net_pton() can sometimes return the wrong value if excessively large netmasks are supplied. [RT #18512] Reported by: Maksymilian Arciemowicz <cxib__at__securityreason.com> Obtained from: BIND 9.4.3 Modified: stable/6/lib/libc/inet/inet_net_pton.c (contents, props changed) Modified: stable/6/lib/libc/inet/inet_net_pton.c ============================================================================== --- stable/6/lib/libc/inet/inet_net_pton.c Wed Dec 17 13:13:35 2008 (r186225) +++ stable/6/lib/libc/inet/inet_net_pton.c Wed Dec 17 14:21:49 2008 (r186226) @@ -135,11 +135,11 @@ inet_net_pton_ipv4(const char *src, u_ch assert(n >= 0 && n <= 9); bits *= 10; bits += n; + if (bits > 32) + goto enoent; } while ((ch = *src++) != '\0' && isascii(ch) && isdigit(ch)); if (ch != '\0') goto enoent; - if (bits > 32) - goto emsgsize; } /* Firey death and destruction unless we prefetched EOS. */
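Review bot: the bounds check added inside the digit loop exits through enoent, while the post-loop check it replaces exited through emsgsize, so an over-large prefix length now fails through a different error path than before. If that is intended (the log says the change was obtained from BIND 9.4.3), the commit message should say so, because callers that distinguish the two failures will see different behaviour; otherwise keep "goto emsgsize" at the new position. Testing "bits > 32" on every iteration is the right placement: with the old post-loop check, bits kept accumulating across an arbitrarily long digit string before it was ever compared against 32, which matches the "excessively large netmasks" case in the log. A short comment above the new check stating why it must sit inside the loop would keep it from being moved back out later.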