From: Steven Barth Date: Fri, 29 Jan 2016 06:10:51 +0000 (+0100) Subject: Merge pull request #43 from bwhacks/security-fixes X-Git-Tag: debian/1.1+git20160131-1~6 X-Git-Url: https://git.decadent.org.uk/gitweb/?p=odhcp6c.git;a=commitdiff_plain;h=3609bab1361ed3f92e19f7309dd6e7fd64bc4083;hp=c47e4f59ef87ef94b84023e260bfadd9df6e5a82 Merge pull request #43 from bwhacks/security-fixes Security/regression fixes
---
diff --git a/src/odhcp6c.c b/src/odhcp6c.c
index 1714d62..59f6390 100644
--- a/src/odhcp6c.c
+++ b/src/odhcp6c.c
@@ -619,7 +619,7 @@ static void odhcp6c_expire_list(enum odhcp6c_state state, uint32_t elapsed)
 uint8_t *start = odhcp6c_get_state(state, &len);
 for (struct odhcp6c_entry *c = (struct odhcp6c_entry*)start;
 (uint8_t*)c < &start[len] && &c->auxtarget[c->auxlen] <= &start[len];
- c = (struct odhcp6c_entry*)(&c->auxtarget[c->auxlen])) {
+ ) {
 if (c->t1 < elapsed)
 c->t1 = 0;
 else if (c->t1 != UINT32_MAX)
@@ -640,8 +640,12 @@ static void odhcp6c_expire_list(enum odhcp6c_state state, uint32_t elapsed)
 else if (c->valid != UINT32_MAX)
 c->valid -= elapsed;
- if (!c->valid)
+ if (!c->valid) {
 odhcp6c_remove_state(state, ((uint8_t*)c) - start, sizeof(*c) + c->auxlen);
+ start = odhcp6c_get_state(state, &len);
+ } else {
+ c = (struct odhcp6c_entry*)(&c->auxtarget[c->auxlen]);
+ }
 }
 }
diff --git a/src/script.c b/src/script.c
index 5955e94..b20e94c 100644
--- a/src/script.c
+++ b/src/script.c
@@ -105,7 +105,9 @@ static void ipv6_to_env(const char *name,
 buf_len += strlen(&buf[buf_len]);
 buf[buf_len++] = ' ';
 }
- buf[buf_len - 1] = '\0';
+ if (buf[buf_len - 1] == ' ')
+ buf_len--;
+ buf[buf_len] = '\0';
 putenv(buf);
 }
@@ -126,7 +128,9 @@ static void fqdn_to_env(const char *name, const uint8_t *fqdn, size_t len)
 buf_len += strlen(&buf[buf_len]);
 buf[buf_len++] = ' ';
 }
- buf[buf_len - 1] = '\0';
+ if (buf[buf_len - 1] == ' ')
+ buf_len--;
+ buf[buf_len] = '\0';
 putenv(buf);
 }
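Review bot: The loop condition kept as context in this hunk evaluates `c->auxlen` as soon as `(uint8_t*)c < &start[len]` holds, so a trailing fragment shorter than `sizeof(*c)` would be read beyond `len` before the second comparison can reject it. Whether such a fragment can ever be stored is not visible here; if it can, put `(size_t)(&start[len] - (uint8_t*)c) >= sizeof(*c)` ahead of the `auxtarget` comparison. The emptied increment clause also needs a comment, for example `/* c is advanced in the body, only when the entry is kept */`, because the advance now sits at the end of the loop body outside this hunk.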
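Review bot: After `odhcp6c_remove_state()` the new branch refreshes `start` and `len` but keeps the old `c`, so the cursor is only valid if the removal never moves the state buffer. `odhcp6c_remove_state()` is outside this hunk, so that may already be guaranteed; re-deriving the cursor removes the dependency: take `size_t off = (uint8_t*)c - start;` before the call, pass `off` to it, and set `c = (struct odhcp6c_entry*)&start[off];` after the refresh. The function starts above this hunk.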
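Review bot: The added `if (buf[buf_len - 1] == ' ')` still indexes `buf_len - 1` unconditionally, and when nothing was appended `buf[buf_len] = '\0'` now writes one byte further than the old code did. The allocation and the initial value of `buf_len` are outside the hunk, so confirm that the buffer reserves room for the terminator when the list is empty, and consider `if (buf_len > 0 && buf[buf_len - 1] == ' ')`. The same three lines are added in fqdn_to_env, entry_to_env and search_to_env (there as `c[-1]`), so the check applies to all four; a shared static helper would keep them from drifting apart.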
@@ -201,7 +205,9 @@ static void entry_to_env(const char *name, const void *data, size_t len, enum en
 buf[buf_len++] = ' ';
 }
- buf[buf_len - 1] = '\0';
+ if (buf[buf_len - 1] == ' ')
+ buf_len--;
+ buf[buf_len] = '\0';
 putenv(buf);
 }
@@ -220,7 +226,9 @@ static void search_to_env(const char *name, const uint8_t *start, size_t len)
 *c++ = ' ';
 }
- c[-1] = '\0';
+ if (c[-1] == ' ')
+ c--;
+ *c = '\0';
 putenv(buf);
 }