[IPv6addr] overrun in find_if() for 128bit prefixes
bac426568512
Actions

Description

[IPv6addr] overrun in find_if() for 128bit prefixes
while reading over the IPv6addr code I notices that there is an overrun in
find_if() in the case where the prefix is 128. In this case,
mask.s6_addr[16] will be accessed twice, but that array only
has 16 elements.

The patch below takes the simple approach of just treating 128 as a corner
case and skiping the offending parts of the mask manipulation accordingly.
It also reverses the way the mask is seeded, removing bits rather than
adding them, to ensure that the corner case is all 1s rather than all 0s.

--HG--
extra : convert_revision : b4bc188b4ebe94824e042a674770c90ee4335469

Details

Provenance

Horms <horms@verge.net.au>

Authored on Apr 18 2007, 11:33 PM

Parents

rRd722773cc4ba: [IPv6addr] create_pid_directory() leaks dir

Branches

Unknown

Tags

Unknown

Event Timeline

Changes (1)

Path

Size

heartbeat/

IPv6addr.c

rRbac426568512

View Options