From aabacd97af729d44fe6e6e171fb65b1086e23417 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Mon, 13 May 2013 17:00:38 +0200 Subject: [PATCH] Fix possible buffer overflows in DNS handling --- src/script.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/script.c b/src/script.c index 2c62bf2..b9bf0aa 100644 --- a/src/script.c +++ b/src/script.c @@ -98,13 +98,14 @@ static void ipv6_to_env(const char *name, static void fqdn_to_env(const char *name, const uint8_t *fqdn, size_t len) { size_t buf_len = strlen(name); + size_t buf_size = len + buf_len + 2; const uint8_t *fqdn_end = fqdn + len; char *buf = realloc(NULL, len + buf_len + 2); memcpy(buf, name, buf_len); buf[buf_len++] = '='; int l = 1; while (l > 0 && fqdn < fqdn_end) { - l = dn_expand(fqdn, &fqdn[len], fqdn, &buf[buf_len], len); + l = dn_expand(fqdn, fqdn_end, fqdn, &buf[buf_len], buf_size - buf_len); fqdn += l; buf_len += strlen(&buf[buf_len]); buf[buf_len++] = ' '; -- 2.25.1