From 70ad0f5226b986df56f7e995b55db09c6a6f5301 Mon Sep 17 00:00:00 2001
From: Tony Wu <tonywu@realtek.com>
Date: Thu, 3 Nov 2016 18:16:17 +0800
Subject: [PATCH] netsocket - Fix set_ip_bytes out-of-bound access

set_ip_bytes() does a 16-byte memcpy from the input buffer to
the local nsapi_addr_t despite the address version.

If the address version is ipv4, the input buffer may only be
4-byte in size. This causes a out-of-bound access on the input buffer.

Signed-off-by: Tony Wu <tonywu@realtek.com>
---
 features/netsocket/SocketAddress.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/features/netsocket/SocketAddress.cpp b/features/netsocket/SocketAddress.cpp
index c7a8c91e10..8fc2595294 100644
--- a/features/netsocket/SocketAddress.cpp
+++ b/features/netsocket/SocketAddress.cpp
@@ -203,8 +203,14 @@ bool SocketAddress::set_ip_address(const char *addr)
 void SocketAddress::set_ip_bytes(const void *bytes, nsapi_version_t version)
 {
     nsapi_addr_t addr;
+
+    addr = nsapi_addr_t();
     addr.version = version;
-    memcpy(addr.bytes, bytes, NSAPI_IP_BYTES);
+    if (version == NSAPI_IPv6) {
+        memcpy(addr.bytes, bytes, NSAPI_IPv6_BYTES);
+    } else if (version == NSAPI_IPv4) {
+        memcpy(addr.bytes, bytes, NSAPI_IPv4_BYTES);
+    }
     set_addr(addr);
 }