ref: 4c2d520eeffe4c69f93f7195658f6e4877bb2ccf
parent: e8c1d0fe7cdfcbf0d913b5091a33a14da561f976
author: cinap_lenrek <[email protected]>
date: Mon Apr 1 23:39:24 EDT 2013
fix parseip(): addresses like "1:2:3:4:5:6:7:255.255.255.255" caused parseip to write beyond the ip buffer.
--- a/sys/src/libip/parseip.c
+++ b/sys/src/libip/parseip.c
@@ -74,6 +74,10 @@
op = p;
x = strtoul(p, &p, 16);
if(*p == '.' || (*p == 0 && i == 0)){ /* ends with v4? */
+ if(i > IPaddrlen-4){
+ memset(to, 0, IPaddrlen);
+ return -1; /* parse error */
+ }
p = v4parseip(to+i, op);
i += 4;
break;
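Review bot: The added `if(i > IPaddrlen-4)` guard has no comment tying it to the write it protects, and the bare `4` hides that it is the length of the embedded v4 address. I would add `/* v4parseip() stores 4 bytes at to+i; they must fit inside IPaddrlen */` above the check and, if the constant is in scope in this file, write the bound as `IPaddrlen-IPv4addrlen`. The guard is only sufficient if v4parseip() never stores more than four bytes, which cannot be confirmed from this hunk and is worth checking. parseip() starts and ends outside the hunk, so whether later code depends on `p` or `i` after the `break` is not visible here.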