From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 22 Jan 2016 19:07:52 +0000 (+0000)
Subject: Fix off-by-one in buffer length in int_to_env
X-Git-Tag: debian/1.1+git20160131-1~8^2~6
X-Git-Url: https://git.decadent.org.uk/gitweb/?p=odhcp6c.git;a=commitdiff_plain;h=62968599557ac81b0f811481f6b06886ddcf0cdb;hp=a6bbd1d7f5c25b092f143b579860a44e5b0f929e

Fix off-by-one in buffer length in int_to_env

We need to allow for '=', negative sign, 10 digits and the null
terminator, adding up to 13 bytes not 12.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---

diff --git a/src/script.c b/src/script.c
index 83fbea5..89cb0d6 100644
--- a/src/script.c
+++ b/src/script.c
@@ -227,7 +227,7 @@ static void search_to_env(const char *name, const uint8_t *start, size_t len)
 
 static void int_to_env(const char *name, int value)
 {
-	size_t len = 12 + strlen(name);
+	size_t len = 13 + strlen(name);
 	char *buf = realloc(NULL, len);
 	snprintf(buf, len, "%s=%d", name, value);
 	putenv(buf);