From 9bea045e60fa612336ae6a78267284bcec2e9e25 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Tue, 9 Aug 2011 12:25:46 +0200 Subject: bugfix: memcpy overflow can occur in allowed sender checking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ...if a host name is resolved to IPv4-mapped-on-IPv6 address. Found by Ismail Dönmez at suse. Signed-off-by: Rainer Gerhards --- ChangeLog | 3 +++ runtime/net.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 43c266ae..785a60eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ --------------------------------------------------------------------------- Version 4.6.8 [v4-stable] (rgerhards), 2011-??-?? - bugfix: potential misadressing in property replacer +- bugfix: memcpy overflow can occur in allowed sender checkig + if a name is resolved to IPv4-mapped-on-IPv6 address + Found by Ismail Dönmez at suse --------------------------------------------------------------------------- Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages diff --git a/runtime/net.c b/runtime/net.c index fe6eef5b..0866efd7 100644 --- a/runtime/net.c +++ b/runtime/net.c @@ -721,7 +721,7 @@ static rsRetVal AddAllowedSender(struct AllowedSenders **ppRoot, struct AllowedS SIN(allowIP.addr.NetAddr)->sin_port = 0; memcpy(&(SIN(allowIP.addr.NetAddr)->sin_addr.s_addr), &(SIN6(res->ai_addr)->sin6_addr.s6_addr32[3]), - sizeof (struct sockaddr_in)); + sizeof (in_addr_t)); if((iRet = AddAllowedSenderEntry(ppRoot, ppLast, &allowIP, iSignificantBits)) -- cgit