From aabacd97af729d44fe6e6e171fb65b1086e23417 Mon Sep 17 00:00:00 2001
From: Steven Barth <steven@midlink.org>
Date: Mon, 13 May 2013 17:00:38 +0200
Subject: [PATCH] Fix possible buffer overflows in DNS handling

---
 src/script.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/script.c b/src/script.c
index 2c62bf2..b9bf0aa 100644
--- a/src/script.c
+++ b/src/script.c
@@ -98,13 +98,14 @@ static void ipv6_to_env(const char *name,
 static void fqdn_to_env(const char *name, const uint8_t *fqdn, size_t len)
 {
 	size_t buf_len = strlen(name);
+	size_t buf_size = len + buf_len + 2;
 	const uint8_t *fqdn_end = fqdn + len;
 	char *buf = realloc(NULL, len + buf_len + 2);
 	memcpy(buf, name, buf_len);
 	buf[buf_len++] = '=';
 	int l = 1;
 	while (l > 0 && fqdn < fqdn_end) {
-		l = dn_expand(fqdn, &fqdn[len], fqdn, &buf[buf_len], len);
+		l = dn_expand(fqdn, fqdn_end, fqdn, &buf[buf_len], buf_size - buf_len);
 		fqdn += l;
 		buf_len += strlen(&buf[buf_len]);
 		buf[buf_len++] = ' ';
-- 
2.39.2