Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(116)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: webrtc/base/win32.cc

Issue 2867653002: Fixing invalid IPv6 address parsing stack underflow on Windows. (Closed)
Patch Set: Fixing issue caught by new test. Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | webrtc/base/win32_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: webrtc/base/win32.cc
diff --git a/webrtc/base/win32.cc b/webrtc/base/win32.cc
index 485f7a6931d2c386f00b61be70d181effe379731..89970ec3a98004e956f5f4528d5e7729ba930b57 100644
--- a/webrtc/base/win32.cc
+++ b/webrtc/base/win32.cc
@@ -276,6 +276,11 @@ int inet_pton_v6(const char* src, void* dst) {
++coloncounter;
}
// (coloncount + 1) is the number of shorts left in the address.
+ // If this number is greater than the number of available shorts, the
+ // address is malformed.
+ if (coloncount + 1 > addr_end - addr_cursor) {
+ return 0;
+ }
addr_cursor = addr_end - (coloncount + 1);
seencompressed = true;
}
@@ -285,7 +290,7 @@ int inet_pton_v6(const char* src, void* dst) {
} else {
uint16_t word;
int bytesread = 0;
- if (sscanf(readcursor, "%hx%n", &word, &bytesread) != 1) {
+ if (sscanf(readcursor, "%4hx%n", &word, &bytesread) != 1) {
return 0;
} else {
*addr_cursor = HostToNetwork16(word);
« no previous file with comments | « no previous file | webrtc/base/win32_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698