fixed a buffer overrun in sprint_uint64() (Bug-ID 1714648)

author: SUZUKI, Shinsuke <suz@kame.net> 2007-07-24 15:20:24 +0000
committer: Bjørn Mork <bjorn@mork.no> 2010-08-06 15:37:37 +0200
commit: 8cd1aa21f41750e38f3e3f7e907b7926ebe473c4 (patch)
tree: af323c97e228608ee2d79b3260a323224b788dea
parent: 3449a53562d27c747e22390a94c0231d3bf8c222 (diff)
2 files changed, 9 insertions, 4 deletions
diff --git a/CHANGES b/CHANGES
index f584951..3023837 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+2007-07-24  SUZUKI, Shinsuke <suz@kame.net>
+	* common.c: fixed a buffer overrun in sprint_uint64()
+	  (Bug-ID 1714648)
+
 2007-07-10  SUZUKI, Shinsuke <suz@kame.net>
 	* common.c: fixed a singular-point detection failure in replay check.
 	  (Bug-ID 1714644)
diff --git a/common.c b/common.c
index dd1a098..2f42ed8 100644
--- a/common.c
+++ b/common.c
@@ -2149,11 +2149,12 @@ sprint_uint64(buf, buflen, i64)
 	u_int64_t i64;
 {
 	u_int16_t rd0, rd1, rd2, rd3;
+	u_int16_t *ptr = (u_int16_t *)&i64;
 
-	rd0 = ntohs(*(u_int16_t *)(void *)&i64);
-	rd1 = ntohs(*((u_int16_t *)(void *)(&i64 + 1)));
-	rd2 = ntohs(*((u_int16_t *)(void *)(&i64 + 2)));
-	rd3 = ntohs(*((u_int16_t *)(void *)(&i64 + 3)));
+	rd0 = ntohs(*ptr++);
+	rd1 = ntohs(*ptr++);
+	rd2 = ntohs(*ptr++);
+	rd3 = ntohs(*ptr);
 
 	snprintf(buf, buflen, "%04x %04x %04x %04x", rd0, rd1, rd2, rd3);
author	SUZUKI, Shinsuke <suz@kame.net>	2007-07-24 15:20:24 +0000
committer	Bjørn Mork <bjorn@mork.no>	2010-08-06 15:37:37 +0200
commit	8cd1aa21f41750e38f3e3f7e907b7926ebe473c4 (patch)
tree	af323c97e228608ee2d79b3260a323224b788dea
parent	3449a53562d27c747e22390a94c0231d3bf8c222 (diff)