if (used + b + 1 >= dest_len)
return -1;
- if (offset + b + 1 >= packet_len)
+ if (offset + b >= packet_len)
return -1;
memcpy(dest + used, packet + offset, b);
offset += b;
/* Layout in buf:
* char *alias[ALIAS_DIM];
* struct in[6]_addr* addr_list[2];
- * struct in[6]_addr* in;
+ * struct in[6]_addr in;
* char scratch_buffer[256+];
*/
#define in6 ((struct in6_addr *)in)
#ifndef __UCLIBC_HAS_IPV6__
buf += sizeof(*in);
buflen -= sizeof(*in);
+ if (addrlen > sizeof(*in))
+ return ERANGE;
#else
buf += sizeof(*in6);
buflen -= sizeof(*in6);
+ if (addrlen > sizeof(*in6))
+ return ERANGE;
#endif
if ((ssize_t)buflen < 256)
return ERANGE;
alias[1] = NULL;
addr_list[0] = in;
addr_list[1] = NULL;
- memcpy(&in, addr, addrlen);
+ memcpy(in, addr, addrlen);
if (0) /* nothing */;
#ifdef __UCLIBC_HAS_IPV4__
char *dst = buf;
unsigned char *tp = (unsigned char *)addr + addrlen - 1;
do {
- dst += sprintf(dst, "%x.%x.", tp[i] & 0xf, tp[i] >> 4);
+ dst += sprintf(dst, "%x.%x.", tp[0] & 0xf, tp[0] >> 4);
tp--;
} while (tp >= (unsigned char *)addr);
strcpy(dst, "ip6.arpa");