2305. [security] inet_network() buffer overflow. CVE-2008-0122.

9.2.0
2008-01-16 05:15:36 +00:00 · 2007-09-20 01:22:18 +00:00
3 changed files with 8 additions and 5 deletions
--- a/3
+++ b/3
@@ -1,3 +1,6 @@
+2305.	[security]	inet_network() buffer overflow. CVE-2008-0122.
+
+	--- 9.2.9 released ---

 	--- 9.2.9rc1 released ---

--- a/lib/bind/inet/inet_network.c
+++ b/lib/bind/inet/inet_network.c
@@ -84,9 +84,9 @@ again:
 	}
 	if (!digit)
 		return (INADDR_NONE);
+	if (pp >= parts + 4 || val > 0xffU)
+		return (INADDR_NONE);
 	if (*cp == '.') {
-		if (pp >= parts + 4 || val > 0xffU)
-			return (INADDR_NONE);
 		*pp++ = val, cp++;
 		goto again;
 	}
--- a/6
+++ b/6
@@ -1,4 +1,4 @@
-# $Id: version,v 1.26.2.50 2007/08/29 04:02:47 marka Exp $
+# $Id: version,v 1.26.2.51 2007/09/20 01:21:57 marka Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=2
 PATCHVER=9
-RELEASETYPE=rc
-RELEASEVER=1
+RELEASETYPE=
+RELEASEVER=
Author	SHA1	Message	Date
Mark Andrews	8bc3fe510b	2305. [security] inet_network() buffer overflow. CVE-2008-0122.	2008-01-16 05:15:36 +00:00
Mark Andrews	a7637b7db7	9.2.0	2007-09-20 01:22:18 +00:00