From 9ec836c033fc6e55e80f3309b3e05acdf09bb297 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Tue, 3 Dec 2019 14:52:17 +0100 Subject: [PATCH] whois: limit total length of response to 32+2 kb function old new delta query 517 554 +37 Signed-off-by: Denys Vlasenko --- networking/whois.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/networking/whois.c b/networking/whois.c index 55e1de964..caa71ac51 100644 --- a/networking/whois.c +++ b/networking/whois.c @@ -53,7 +53,9 @@ static char *query(const char *host, int port, const char *domain) fp = xfdopen_for_read(fd); success = 0; - while (fgets(linebuf, sizeof(linebuf)-1, fp)) { + while (bufpos < 32*1024 /* paranoia */ + && fgets(linebuf, sizeof(linebuf)-1, fp) + ) { unsigned len; len = strcspn(linebuf, "\r\n"); -- 2.25.1