diff options
| author | Rich Felker <dalias@aerifal.cx> | 2018-09-02 17:08:43 -0400 | 
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2018-09-02 17:08:43 -0400 | 
| commit | 64466094ede4162ddd4049cea5da09feb9abfaa6 (patch) | |
| tree | 5ea27fa33205dadfc2ede53a7e6bff3611f9abd0 | |
| parent | d0d212525ec7d08a4770fba97aa913ea34cafdb2 (diff) | |
| download | musl-64466094ede4162ddd4049cea5da09feb9abfaa6.tar.gz | |
fix stack-based oob memory clobber in resolver's result sorting
commit 4f35eb7591031a1e5ef9828f9304361f282f28b9 introduced this bug.
it is not present in any released versions. inadvertent use of the &
operator on an array into which we're indexing produced arithmetic on
the wrong-type pointer, with undefined behavior.
| -rw-r--r-- | src/network/lookup_name.c | 2 | 
1 files changed, 1 insertions, 1 deletions
| diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c index 0e6db9ef..1bce4347 100644 --- a/src/network/lookup_name.c +++ b/src/network/lookup_name.c @@ -394,7 +394,7 @@ int __lookup_name(struct address buf[static MAXADDRS], char canon[static 256], c  				key |= DAS_USABLE;  				if (!getsockname(fd, sa, &salen)) {  					if (family == AF_INET) memcpy( -						&sa6.sin6_addr.s6_addr+12, +						sa6.sin6_addr.s6_addr+12,  						&sa4.sin_addr, 4);  					if (dscope == scopeof(&sa6.sin6_addr))  						key |= DAS_MATCHINGSCOPE; | 
