From 9bea045e60fa612336ae6a78267284bcec2e9e25 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski
Date: Tue, 9 Aug 2011 12:25:46 +0200
Subject: bugfix: memcpy overflow can occur in allowed sender checking
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
...if a host name is resolved to IPv4-mapped-on-IPv6 address.
Found by Ismail Dönmez at suse.
Signed-off-by: Rainer Gerhards
---
 runtime/net.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'runtime')
diff --git a/runtime/net.c b/runtime/net.c
index fe6eef5b..0866efd7 100644
--- a/runtime/net.c
+++ b/runtime/net.c
@@ -721,7 +721,7 @@ static rsRetVal AddAllowedSender(struct AllowedSenders **ppRoot, struct AllowedS
 SIN(allowIP.addr.NetAddr)->sin_port = 0;
 memcpy(&(SIN(allowIP.addr.NetAddr)->sin_addr.s_addr),
 &(SIN6(res->ai_addr)->sin6_addr.s6_addr32[3]),
- sizeof (struct sockaddr_in));
+ sizeof (in_addr_t));
 if((iRet = AddAllowedSenderEntry(ppRoot, ppLast, &allowIP, iSignificantBits))
-- cgit
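Review bot: The corrected `memcpy` length is still spelled as a type name, `sizeof (in_addr_t)`, rather than derived from the destination object, which is the same pattern that let `sizeof (struct sockaddr_in)` (typically 16 bytes) be written into the 4-byte `s_addr` field. Sizing by the destination keeps the length and the field from drifting apart: `sizeof (SIN(allowIP.addr.NetAddr)->sin_addr.s_addr));`. Because this branch is reached according to what a configured host name resolves to, a short comment above the call would also help, e.g. `/* v4-mapped IPv6: copy only the embedded IPv4 address (last 4 bytes) */`. AddAllowedSender's body starts and ends outside the hunk, so whether `allowIP.addr.NetAddr` is allocated as a full `struct sockaddr_in` before this copy cannot be confirmed from here.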