[BusyBox] welcome ifconfig and route

Erik Andersen andersen at codepoet.org
Sun Feb 18 21:54:58 UTC 2001


On Sun Feb 18, 2001 at 12:11:30PM -0800, Larry Doolittle wrote:
> 
> If inet_ntoa output _does_ exceed 15 characters, the format string is
> the least of our problems, we would have a buffer overflow on our hands.

Hmm.  inet_ntoa should at worst be giving us 12 digits + 3 '.'s + 1 NULL, for a
maximum of 16 chars unless I've failed to think of something.  Just for fun I
looked up the C library sources.  uClibc, sensibly, uses "static char buf[16]"
for the buffer (though the implementation of inet_ntoa leaves a lot to be
desired).

libc5 uses
    static char b[18];
    ...
#define UC(b)   (((int)b)&0xff)
    (void)snprintf(b, sizeof(b),
	"%d.%d.%d.%d", UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3]));
in inet_ntoa, so no chance there of buf overflow.


GNU libc uses 
  char *buffer;
  ...
  buffer = malloc (18);
  ...
  bytes = (unsigned char *) &in;
  __snprintf (buffer, 18, "%d.%d.%d.%d",
	      bytes[0], bytes[1], bytes[2], bytes[3]);
which doesn't look nearly as safe as libc5.

I have no idea why they allocate the extra 2 chars...

 -Erik

--
Erik B. Andersen   email:  andersen at lineo.com
--This message was written using 73% post-consumer electrons--
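
Added example, not part of the original message and not code from any of the C libraries quoted: both excerpts read each octet as an unsigned value (the UC mask in libc5, the unsigned char cast in GNU libc), and that is what holds the longest output to 15 characters plus the terminator. The sketch below compares that with reading the same bytes as plain signed char, where the worst case grows to 19 characters and only the snprintf bound protects a 16-byte buffer. The helper names fmt_masked, fmt_unmasked and fits are hypothetical, and the sample addresses are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Same masking idea as the UC() macro in the libc5 excerpt. */
#define UC(b) (((int)(b)) & 0xff)

/* Hypothetical helper: format four octets with masking, bounded by cap.
 * Returns the length snprintf needed, excluding the terminator. */
int fmt_masked(char *dst, size_t cap, const signed char p[4])
{
    return snprintf(dst, cap, "%d.%d.%d.%d",
                    UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3]));
}

/* Hypothetical helper: same format, but the octets are promoted as
 * signed char with no mask, so 0x80..0xff print as negative numbers. */
int fmt_unmasked(char *dst, size_t cap, const signed char p[4])
{
    return snprintf(dst, cap, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
}

/* 1 if a string of the needed length plus its terminator fits in cap. */
int fits(int needed, size_t cap)
{
    return needed >= 0 && (size_t)needed < cap;
}

int main(void)
{
    char buf[16];
    /* Constructed inputs: bytes 0xff x4 and 0x80 x4. */
    const signed char all_ff[4] = { -1, -1, -1, -1 };
    const signed char all_80[4] = { -128, -128, -128, -128 };
    int n;

    n = fmt_masked(buf, sizeof buf, all_ff);
    printf("masked:   \"%s\" needs %d, fits=%d\n", buf, n, fits(n, sizeof buf));

    n = fmt_unmasked(buf, sizeof buf, all_80);
    printf("unmasked: \"%s\" needs %d, fits=%d\n", buf, n, fits(n, sizeof buf));
    return 0;
}
```

In the unmasked case the buffer is not overrun because snprintf truncates to sizeof buf; the same format string passed to sprintf would write 20 bytes into the 16-byte buffer.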




