>
> I don't really see how a buffer overrun could happen. Can you elaborate a
> bit more on that?
>
> Thanks, Bert
>
The current implementation subtracts more from 'left' than it should,
eventually leading to a negative value - however the variable type is
unsigned so it becomes a large positive number instead! Subsequent
loop iterations will therefore evaluate 'left > ipv4_size' and/or
'left > ipv6_size' to true and open up for a possible buffer overrun.
I guess this only happens if you have a lot of network adapters on the
system so it may not be easily reproduced, but it surely happened on
my system!

Thanks, Poul Thomas
Received on 2012-02-07
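
The wraparound described in the reply above, as an added example that is not code from the original thread or from the project it discusses. The function names, the record sizes and the exact form of the over-subtraction are assumptions; only `left` and the `left > ipv4_size` / `left > ipv6_size` checks come from the message.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed record sizes; the page does not give the real ones. */
enum { IPV4_SIZE = 16, IPV6_SIZE = 28 };

/* Returns how many bytes the loop would store for n_adapters (one IPv4 and one
 * IPv6 record each). Nothing is written; an overrun is a result > capacity. */
size_t bytes_stored_buggy(size_t capacity, size_t n_adapters)
{
    size_t left = capacity, stored = 0;
    for (size_t i = 0; i < n_adapters; i++) {
        if (left > IPV4_SIZE) {
            stored += IPV4_SIZE;
            left -= IPV4_SIZE + IPV6_SIZE; /* assumed over-subtraction: may wrap */
        }
        if (left > IPV6_SIZE) {            /* always true once left has wrapped */
            stored += IPV6_SIZE;
            left -= IPV6_SIZE;
        }
    }
    return stored;
}

/* Subtract n from *left only when that cannot wrap; returns 1 on success. */
static int consume(size_t *left, size_t n)
{
    if (n > *left) return 0;
    *left -= n;
    return 1;
}

size_t bytes_stored_fixed(size_t capacity, size_t n_adapters)
{
    size_t left = capacity, stored = 0;
    for (size_t i = 0; i < n_adapters; i++) {
        if (left > IPV4_SIZE && consume(&left, IPV4_SIZE))
            stored += IPV4_SIZE;
        if (left > IPV6_SIZE && consume(&left, IPV6_SIZE))
            stored += IPV6_SIZE;
    }
    return stored;
}

int main(void)
{
    printf("buggy: %zu of 100, fixed: %zu of 100\n", bytes_stored_buggy(100, 10), bytes_stored_fixed(100, 10));
    return 0;
}
```

With a 100-byte buffer the buggy accounting stays inside the buffer for two adapters and exceeds it from the third onward, which matches the observation that the problem needs many adapters to show up.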