X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=src%2Fscript.c;h=357933105d35d56f5718fbad56b30595dbe80557;hb=78bc7d9c835404ad1b5d2eb26de390bd45e26d2a;hp=83fbea5a2c37e2b18cfa2966e319b42cff55a17e;hpb=a6bbd1d7f5c25b092f143b579860a44e5b0f929e;p=odhcp6c.git diff --git a/src/script.c b/src/script.c index 83fbea5..3579331 100644 --- a/src/script.c +++ b/src/script.c @@ -227,7 +227,7 @@ static void search_to_env(const char *name, const uint8_t *start, size_t len) static void int_to_env(const char *name, int value) { - size_t len = 12 + strlen(name); + size_t len = 13 + strlen(name); char *buf = realloc(NULL, len); snprintf(buf, len, "%s=%d", name, value); putenv(buf); @@ -282,7 +282,8 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len size_t prefix6len = rule->prefix6_len; prefix6len = (prefix6len % 8 == 0) ? prefix6len / 8 : prefix6len / 8 + 1; - if (olen < sizeof(struct dhcpv6_s46_rule) + prefix6len) + if (prefix6len > sizeof(in6) || + olen < sizeof(struct dhcpv6_s46_rule) + prefix6len) continue; memcpy(&in6, rule->ipv6_prefix, prefix6len); @@ -311,7 +312,8 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len size_t prefix6len = dmr->dmr_prefix6_len; prefix6len = (prefix6len % 8 == 0) ? prefix6len / 8 : prefix6len / 8 + 1; - if (olen < sizeof(struct dhcpv6_s46_dmr) + prefix6len) + if (prefix6len > sizeof(in6) || + olen < sizeof(struct dhcpv6_s46_dmr) + prefix6len) continue; memcpy(&in6, dmr->dmr_ipv6_prefix, prefix6len); @@ -330,7 +332,8 @@ static void s46_to_env(enum odhcp6c_state state, const uint8_t *data, size_t len size_t prefix6len = bind->bindprefix6_len; prefix6len = (prefix6len % 8 == 0) ? prefix6len / 8 : prefix6len / 8 + 1; - if (olen < sizeof(struct dhcpv6_s46_v4v6bind) + prefix6len) + if (prefix6len > sizeof(in6) || + olen < sizeof(struct dhcpv6_s46_v4v6bind) + prefix6len) continue; memcpy(&in6, bind->bind_ipv6_prefix, prefix6len);