From 121a043f6dd1b6c6171dae3c041cb50693eae63f Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 22 Jan 2016 20:15:31 +0000 Subject: [PATCH] Avoid copying buffer after dn_expand() fails If dn_expand() returns an error we could copy from an uninitialised output buffer or append the previous domain name again. Signed-off-by: Ben Hutchings --- src/script.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/script.c b/src/script.c index f272c19..49f39c4 100644 --- a/src/script.c +++ b/src/script.c @@ -118,9 +118,10 @@ static void fqdn_to_env(const char *name, const uint8_t *fqdn, size_t len) char *buf = realloc(NULL, len + buf_len + 2); memcpy(buf, name, buf_len); buf[buf_len++] = '='; - int l = 1; - while (l > 0 && fqdn < fqdn_end) { - l = dn_expand(fqdn, fqdn_end, fqdn, &buf[buf_len], buf_size - buf_len); + while (fqdn < fqdn_end) { + int l = dn_expand(fqdn, fqdn_end, fqdn, &buf[buf_len], buf_size - buf_len); + if (l <= 0) + break; fqdn += l; buf_len += strlen(&buf[buf_len]); buf[buf_len++] = ' '; -- 2.25.1