From: Steven Barth Date: Mon, 13 May 2013 15:00:38 +0000 (+0200) Subject: Fix possible buffer overflows in DNS handling X-Git-Tag: debian/1.1+git20160131-1~150 X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=aabacd97af729d44fe6e6e171fb65b1086e23417;p=odhcp6c.git Fix possible buffer overflows in DNS handling --- diff --git a/src/script.c b/src/script.c index 2c62bf2..b9bf0aa 100644 --- a/src/script.c +++ b/src/script.c @@ -98,13 +98,14 @@ static void ipv6_to_env(const char *name, static void fqdn_to_env(const char *name, const uint8_t *fqdn, size_t len) { size_t buf_len = strlen(name); + size_t buf_size = len + buf_len + 2; const uint8_t *fqdn_end = fqdn + len; char *buf = realloc(NULL, len + buf_len + 2); memcpy(buf, name, buf_len); buf[buf_len++] = '='; int l = 1; while (l > 0 && fqdn < fqdn_end) { - l = dn_expand(fqdn, &fqdn[len], fqdn, &buf[buf_len], len); + l = dn_expand(fqdn, fqdn_end, fqdn, &buf[buf_len], buf_size - buf_len); fqdn += l; buf_len += strlen(&buf[buf_len]); buf[buf_len++] = ' ';