Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5e3edf2a-eb58-a529-c561-1b86f5d8ee08@mirbsd.de>
Date: Fri, 25 Jul 2025 16:35:59 +0200 (CEST)
From: Thorsten Glaser <tg@...bsd.de>
To: musl@...ts.openwall.com
Subject: Re: Bug in IN6_IS_ADDR_V4COMPAT macro for addresses ending
 in .1

On Fri, 25 Jul 2025, Yusuke Endoh wrote:

>I suspect the condition in the macro is incorrect.
>Currently it checks if the LSB is "> 1", but it should be ">= 1".

The analysis is correct, the fix is wrong (::172.17.1.0 would still
be misrecognised).

AIUI, the macro needs to check that the address begins with quite a
lot of zeroes but is not exactly ::1 (or ::).

> #define IN6_IS_ADDR_V4COMPAT(a) \
>         (((uint32_t *) (a))[0] == 0 && ((uint32_t *) (a))[1] == 0 && \
>-         ((uint32_t *) (a))[2] == 0 && ((uint8_t *) (a))[15] > 1)
>+         ((uint32_t *) (a))[2] == 0 && ((uint8_t *) (a))[15] >= 1)

Is that casting well-defined? If so, perhaps:

 +         ((uint32_t *) (a))[2] == 0 && ((uint32_t *) (a))[3] > 1)

Untested, and I’ve not yet had enough coffee, so DWIM ☻

bye,
//mirabilos
-- 
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
	-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.