From 3db6c84f4cf851db8fa11ec7f7da2f902efd275a Mon Sep 17 00:00:00 2001 From: Kalle Olavi Niemitalo Date: Tue, 22 Jan 2008 00:22:13 +0200 Subject: [PATCH] Bug 997: Fix unlikely stack corruption in get_pasv_socket. It is unlikely because the standard members of struct sockaddr_in (sin_family, sin_port, sin_addr) already require at least 8 bytes and I don't know of any system that has size_t larger than that. Besides, at least glibc pads the structure to 16 bytes. --- NEWS | 1 + src/network/socket.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 331c8bb8..4c407051 100644 --- a/NEWS +++ b/NEWS @@ -35,6 +35,7 @@ To be released as 0.11.4. * minor bug 928: properly display no-break spaces in a UTF-8 document if the terminal uses some other charset * trivial bug 947: document.html.wrap_nbsp also affects text in tables +* trivial bug 997: fix unlikely stack corruption in active FTP * build bug 950: fix ``config/install-sh: No such file or directory'' on SunOS * build bug 936: fix errors about undefined off_t (autoheader diff --git a/src/network/socket.c b/src/network/socket.c index fc579b7f..c022d97b 100644 --- a/src/network/socket.c +++ b/src/network/socket.c @@ -296,8 +296,8 @@ get_pasv_socket(struct socket *ctrl_socket, struct sockaddr_storage *addr) syspf = PF_INET; } - memset(pasv_addr, 0, sizeof(addrlen)); - memset(bind_addr, 0, sizeof(addrlen)); + memset(pasv_addr, 0, addrlen); + memset(bind_addr, 0, addrlen); /* Get our endpoint of the control socket */ len = addrlen;
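Review bot: The two `memset` calls now depend on `addrlen` being exactly the size of the objects behind `pasv_addr` and `bind_addr`, and that relationship is set up in the branch ending at `syspf = PF_INET;`, whose body is outside this hunk, so it cannot be confirmed from the visible lines. If `addrlen` were ever smaller, part of each address would stay uninitialised; if larger, the write would run past the buffer, which is the class of bug this commit is closing. I would state the invariant next to the calls, for example `/* addrlen is the size of the address structure selected above; pasv_addr and bind_addr each refer to at least addrlen bytes */`. get_pasv_socket begins and ends outside the hunk.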