From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 22 Jan 2016 18:02:04 +0000 (+0000)
Subject: Fix potential buffer overflow in entry_to_env
X-Git-Tag: debian/1.1+git20160131-1~8^2~7
X-Git-Url: https://git.decadent.org.uk/gitweb/?p=odhcp6c.git;a=commitdiff_plain;h=a6bbd1d7f5c25b092f143b579860a44e5b0f929e;hp=a6bbd1d7f5c25b092f143b579860a44e5b0f929e

Fix potential buffer overflow in entry_to_env

It appears that an entry of type ENTRY_PREFIX with iaid != 1 and an
exclusion can expand to a string of length up to 154 bytes, whereas we
allocate only 144 bytes per entry.

Also, in case of truncation, snprintf() returns the length of the
un-truncated output so we must not use this to increment buf_len.

Finally some of the lengths given to snprintf() are unnecessarily
generous.  Reduce them so we don't have to increase the allocated
length per entry further.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---