Avoid a stack overflow when presented with a malformed IPv6 Subnet.

author Guus Sliepen <guus@tinc-vpn.org>

Mon, 26 Jul 2021 13:01:12 +0000 (15:01 +0200)

committer Guus Sliepen <guus@tinc-vpn.org>

Mon, 26 Jul 2021 13:05:23 +0000 (15:05 +0200)
author Guus Sliepen <guus@tinc-vpn.org>
Mon, 26 Jul 2021 13:01:12 +0000 (15:01 +0200)
committer Guus Sliepen <guus@tinc-vpn.org>
Mon, 26 Jul 2021 13:05:23 +0000 (15:05 +0200)
diff --git a/src/subnet_parse.c b/src/subnet_parse.c

index d877c7f..044d6e7 100644 (file)
--- a/src/subnet_parse.c
+++ b/src/subnet_parse.c
@@ -306,6 +306,11 @@ bool str2net(subnet_t *subnet, const char *subnetstr) {
  
         char *last_colon = strrchr(str, ':');
  
+       /* Check that the last colon is not further than possible in an IPv6 address */
+       if(last_colon >= str + 5 * 8) {
+               return false;
+       }
+
         if(last_colon && sscanf(last_colon, ":%hu.%hu.%hu.%hu%n", &x[0], &x[1], &x[2], &x[3], &consumed) >= 4 && !last_colon[consumed]) {
                 /* Dotted quad suffix notation, convert to standard IPv6 notation */
                 for(int i = 0; i < 4; i++)
author	Guus Sliepen <guus@tinc-vpn.org>
	Mon, 26 Jul 2021 13:01:12 +0000 (15:01 +0200)
committer	Guus Sliepen <guus@tinc-vpn.org>
	Mon, 26 Jul 2021 13:05:23 +0000 (15:05 +0200)