Fix buffer overflow in zone_equal.

Prefixes are counted in bits, not in bytes. It is safe to compare all 16 bytes, since prefixes are always normalised -- they have zeroes beyond the prefix length, see mask_prefix. Alternatively, we could use prefix_cmp.

Fix buffer overflow in zone_equal.
Prefixes are counted in bits, not in bytes. It is safe to compare all 16 bytes, since prefixes are always normalised -- they have zeroes beyond the prefix length, see mask_prefix. Alternatively, we could use prefix_cmp.
36f056a0 · Juliusz Chroboczek · c96af640 · 36f056a0
Commit 36f056a0 authored Jun 04, 2015 by Juliusz Chroboczek
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

disambiguation.c disambiguation.c +2 -2

No files found.
--- a/disambiguation.c
+++ b/disambiguation.c
@@ -132,9 +132,9 @@ static int
 zone_equal(const struct zone *z1, const struct zone *z2)
 {
    return z1 && z2 && z1->dst_plen == z2->dst_plen &&
-        memcmp(z1->dst_prefix, z2->dst_prefix, z1->dst_plen) == 0 &&
+        memcmp(z1->dst_prefix, z2->dst_prefix, 16) == 0 &&
        z1->src_plen == z2->src_plen &&
-        memcmp(z1->src_prefix, z2->src_prefix, z1->src_plen) == 0;
+        memcmp(z1->src_prefix, z2->src_prefix, 16) == 0;
 }
 static const struct babel_route *