From 4c2d520eeffe4c69f93f7195658f6e4877bb2ccf Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@gmx.de>
Date: Tue, 2 Apr 2013 03:39:24 +0200
Subject: fix parseip()

addresses like: "1:2:3:4:5:6:7:255.255.255.255" caused parseip
to write beyond the ip buffer.
---
 sys/src/libip/parseip.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sys/src/libip/parseip.c')

diff --git a/sys/src/libip/parseip.c b/sys/src/libip/parseip.c
index 7856b4a6c..9f5d5dac7 100644
--- a/sys/src/libip/parseip.c
+++ b/sys/src/libip/parseip.c
@@ -74,6 +74,10 @@ parseip(uchar *to, char *from)
 		op = p;
 		x = strtoul(p, &p, 16);
 		if(*p == '.' || (*p == 0 && i == 0)){	/* ends with v4? */
+			if(i > IPaddrlen-4){
+				memset(to, 0, IPaddrlen);
+				return -1;		/* parse error */
+			}
 			p = v4parseip(to+i, op);
 			i += 4;
 			break;
-- 
cgit v1.2.3