Date: Sun, 22 Mar 2015 06:36:58 +0000 From: Justin Cormack <justin@...cialbusservice.com> To: musl@...ts.openwall.com, Konstantin Serebryany <konstantin.s.serebryany@...il.com>, Rich Felker <dalias@...c.org> Subject: Re: buffer overflow in regcomp and a way to find more of those On 21 March 2015 at 22:13, Szabolcs Nagy <nsz@...t70.net> wrote: > * Szabolcs Nagy <nsz@...t70.net> [2015-03-21 22:38:25 +0100]: >> ah.. r14 is incremented as the string is parsed >> the original string is >> >> (gdb) p (char*)0x6e2dc3-35 >> $37 = 0x6e2da0 "8:a:2:8:3:28:8::2:83:20:8:2:833:23:2.8288;3:33::2.82.83333" >> >> with this i can reproduce the crash > > i assume > > 1:2:3:4:5:6:7:: > > is invalid ipv6 address No, it is valid, the last :: expands to :0. RFC 2373 says "The "::" can also be used to compress the leading and/or trailing zeros in an address." Justin
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.