From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2 autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 1990 invoked from network); 26 Jan 2023 11:48:11 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 26 Jan 2023 11:48:11 -0000 Received: (qmail 17560 invoked by uid 550); 26 Jan 2023 11:48:06 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 17522 invoked from network); 26 Jan 2023 11:48:05 -0000 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru 680B144C100C From: Alexey Izbyshev To: musl@lists.openwall.com Date: Thu, 26 Jan 2023 14:47:39 +0300 Message-Id: <20230126114739.205332-1-izbyshev@ispras.ru> X-Mailer: git-send-email 2.39.1 MIME-Version: 1.0 Mail-Followup-To: musl@lists.openwall.com Content-Transfer-Encoding: 8bit Subject: [musl] [PATCH] inet_pton: fix uninitialized memory use for IPv4-mapped IPv6 addresses When a dot is encountered, the loop counter is incremented before exiting the loop, but the corresponding ip array element is left uninitialized, so the subsequent memmove (if "::" was seen) and the loop copying ip to the output buffer will operate on an uninitialized uint16_t. The uninitialized data never directly influences the control flow and is overwritten on successful return by the second half of the parsed IPv4 address. But it's better to fix this to avoid unexpected transformations by a sufficiently smart compiler and reports from UB-detection tools. --- src/network/inet_pton.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/network/inet_pton.c b/src/network/inet_pton.c index d36c3689..bcbdd9ef 100644 --- a/src/network/inet_pton.c +++ b/src/network/inet_pton.c @@ -54,6 +54,7 @@ int inet_pton(int af, const char *restrict s, void *restrict a0) if (s[j]!='.' || (i<6 && brk<0)) return 0; need_v4=1; i++; + ip[i&7]=0; break; } s += j+1; -- 2.39.1