Re: ECDL buffer overflow

Robert Harley (Robert.Harley@inria.fr)
Thu, 30 Dec 1999 14:48:46 +0100 (MET)


Yes, the very paranoid may want to add this at the end:

pauillac-ecdl8/27 > diff ecdl2K-108.c ecdl2K-108.c~
2477,2482d2476
< if ( entry->h_length < 0
< || (size_t)entry->h_length > sizeof(http_addr.sin_addr.s_addr)
< ) {
< puts("Error: address buffer overflow!");
< return -1;
< } /* end if */

(in the 32-bit source it is at 3808,3813d3807).

Bye,
Rob.