[BusyBox] welcome ifconfig and route
Erik Andersen
andersen at codepoet.org
Sun Feb 18 21:54:58 UTC 2001
On Sun Feb 18, 2001 at 12:11:30PM -0800, Larry Doolittle wrote:
>
> If inet_ntoa output _does_ exceed 15 characters, the format string is
> the least of our problems, we would have a buffer overflow on our hands.
Hmm. inet_ntoa should at worst be giving us 12 digits + 3 '.'s + 1 NULL, for a
maximum of 16 chars unless I've failed to think of something. Just for fun I
looked up the C library sources. uClibc, sensibly, uses "static char buf[16]"
for the buffer (though the implementation of inet_ntoa leaves a lot to be
desired).

libc5 uses

    static char b[18];
    ...
    #define UC(b) (((int)b)&0xff)
    (void)snprintf(b, sizeof(b),
        "%d.%d.%d.%d", UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3]));

in inet_ntoa, so no chance there of buf overflow.

GNU libc uses

    char *buffer;
    ...
    buffer = malloc (18);
    ...
    bytes = (unsigned char *) &in;
    __snprintf (buffer, 18, "%d.%d.%d.%d",
        bytes[0], bytes[1], bytes[2], bytes[3]);

which doesn't look nearly as safe as libc5.
I have no idea why they allocate the extra 2 chars...
-Erik
--
Erik B. Andersen email: andersen at lineo.com
--This message was written using 73% post-consumer electrons--
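
Added example, not part of the original message and not code from uClibc, libc5 or GNU libc: a C check of the 16-byte bound discussed above, and of what the `UC()`-style mask contributes when the address bytes are held in a signed char type. The names `ipv4_to_str`, `ipv4_to_str_unmasked`, `ipv4_max_len`, `OCTET` and `IPV4_STR_MAX` are hypothetical, and the input bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* 4 octets x 3 digits + 3 dots + 1 terminator = 16 bytes */
#define IPV4_STR_MAX 16

/* Same masking idea as the UC() macro quoted from libc5. */
#define OCTET(b) (((int)(b)) & 0xff)

/* Format with masking. Returns the string length, or -1 if dst is too
 * small (snprintf returns the length it wanted, so truncation shows). */
int ipv4_to_str(const signed char p[4], char *dst, size_t dstlen)
{
    int n = snprintf(dst, dstlen, "%d.%d.%d.%d",
                     OCTET(p[0]), OCTET(p[1]), OCTET(p[2]), OCTET(p[3]));
    return (n < 0 || (size_t)n >= dstlen) ? -1 : n;
}

/* Same format WITHOUT masking: a signed byte >= 0x80 sign-extends and
 * prints as a negative number. Returns the length snprintf wanted. */
int ipv4_to_str_unmasked(const signed char p[4], char *dst, size_t dstlen)
{
    return snprintf(dst, dstlen, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
}

/* Longest masked output over every octet value. Per-octet widths are
 * independent, so setting all four octets to the same value finds it. */
int ipv4_max_len(void)
{
    char buf[IPV4_STR_MAX];
    signed char p[4];
    int v, n, best = 0;
    for (v = 0; v < 256; v++) {
        p[0] = p[1] = p[2] = p[3] = (signed char)v;
        n = ipv4_to_str(p, buf, sizeof buf);
        if (n > best) best = n;
    }
    return best;
}

int main(void)
{
    char buf[IPV4_STR_MAX];
    signed char worst[4] = { -128, -128, -128, -128 }; /* constructed */
    int want = ipv4_to_str_unmasked(worst, buf, sizeof buf);
    printf("masked max %d, unmasked wants %d, buffer kept %zu\n",
           ipv4_max_len(), want, strlen(buf));
    return 0;
}
```

With the mask (or an unsigned char cast) the output never exceeds 15 characters; without it the size argument to snprintf is the only thing keeping the write inside the buffer.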