| author | David McCullough <davidm@snapgear.com> | 2002-09-17 01:40:47 +0000 | 
|---|---|---|
| committer | David McCullough <davidm@snapgear.com> | 2002-09-17 01:40:47 +0000 | 
| commit | bc31d1c7241bb037c6fa4ca0563afe22e99894c0 (patch) | |
| tree | 9628cc4e33f49e5d003993b0abcd718deb2d72eb /libc/inet | |
| parent | 032f59d2a95d46aa0942c4e0ee52757a5f33ed26 (diff) | |
Fix a memory corruption bug.
With gcc, sizeof on a sized array argument to a function returns 4,  not
16 as was expected in this code.  This caused inet_ntoa to overwrite
whatever came before the buffer in the BSS by up to 12 bytes.
Diffstat (limited to 'libc/inet')
| -rw-r--r-- | libc/inet/addr.c | 9 | 
1 files changed, 6 insertions, 3 deletions
|
diff --git a/libc/inet/addr.c b/libc/inet/addr.c
index 7751b6bc2..df14fd09f 100644
--- a/libc/inet/addr.c
+++ b/libc/inet/addr.c
@@ -84,14 +84,17 @@ unsigned long inet_addr(const char *cp)
 #endif
 #ifdef L_inet_ntoa
-char *inet_ntoa_r(struct in_addr in, char buf[16])
+
+#define INET_NTOA_MAX_LEN	16	/* max 12 digits + 3 '.'s + 1 nul */
+
+char *inet_ntoa_r(struct in_addr in, char buf[INET_NTOA_MAX_LEN])
 {
 	unsigned long addr = ntohl(in.s_addr);
 	int i;
 	char *p, *q;
 	q = 0;
-	p = buf + sizeof(buf) - 1;
+	p = buf + INET_NTOA_MAX_LEN - 1; /* cannot use sizeof(buf) here */
 	for (i=0 ; i < 4 ; i++ ) {
 		p = _int10tostr(p, addr & 0xff) - 1;
 		addr >>= 8;
@@ -106,7 +109,7 @@ char *inet_ntoa_r(struct in_addr in, char buf[16])
 char *inet_ntoa(struct in_addr in)
 {
-	static char buf[16];		/* max 12 digits + 3 '.'s + 1 nul */
+	static char buf[INET_NTOA_MAX_LEN];
 	return(inet_ntoa_r(in, buf));
 }
 #endif
|
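Review bot: The parameter `char buf[INET_NTOA_MAX_LEN]` in the first hunk is still adjusted to `char *`, so nothing checks that a caller of inet_ntoa_r really supplies 16 bytes, while the function starts writing at `buf + INET_NTOA_MAX_LEN - 1` regardless. The macro is defined in this .c file under `#ifdef L_inet_ntoa`, so callers outside the file apparently cannot refer to it. I would state the contract above the function, e.g. `/* buf must point to at least INET_NTOA_MAX_LEN (16) bytes; it is a plain char * here, so sizeof(buf) is the pointer size */`. Where the compiler supports it, building with `-Wsizeof-array-argument` flags this class of mistake at compile time. The body of inet_ntoa_r continues past the end of the hunk, so the return path was not reviewed.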
