Avoid copying buffer after dn_expand() fails
author Ben Hutchings <ben@decadent.org.uk>
Fri, 22 Jan 2016 20:15:31 +0000 (20:15 +0000)
committer Ben Hutchings <ben@decadent.org.uk>
Thu, 28 Jan 2016 13:28:25 +0000 (13:28 +0000)
If dn_expand() returns an error we could copy from an uninitialised
output buffer or append the previous domain name again.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
src/script.c

index f272c190afdaa3eb07a20c6c8c9a001557b717de..49f39c4ae2f28b57ed4dc9d86139bea1253adcec 100644 (file)
@@ -118,9 +118,10 @@ static void fqdn_to_env(const char *name, const uint8_t *fqdn, size_t len)
        char *buf = realloc(NULL, len + buf_len + 2);
        memcpy(buf, name, buf_len);
        buf[buf_len++] = '=';
-       int l = 1;
-       while (l > 0 && fqdn < fqdn_end) {
-               l = dn_expand(fqdn, fqdn_end, fqdn, &buf[buf_len], buf_size - buf_len);
+       while (fqdn < fqdn_end) {
+               int l = dn_expand(fqdn, fqdn_end, fqdn, &buf[buf_len], buf_size - buf_len);
+               if (l <= 0)
+                       break;
                fqdn += l;
                buf_len += strlen(&buf[buf_len]);
                buf[buf_len++] = ' ';
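
Review bot: The new `if (l <= 0) break;` ends the loop silently, so when dn_expand() fails part-way through the option, the names already appended to `buf` stay there and nothing records that the rest of the FQDN data was rejected. Consider logging the failure at that point, or discarding the whole variable when any label fails to expand, so a malformed option does not produce a quietly truncated value; the code after the loop is not visible here, so check how it treats a `buf` that ends right after `=` or after a trailing space. Separately, in the context line `char *buf = realloc(NULL, len + buf_len + 2);` the result is passed straight to `memcpy()` with no NULL check, and the limit given to dn_expand() is `buf_size - buf_len`, where `buf_size` is defined outside the hunk; it is worth confirming it matches the `len + buf_len + 2` allocation and leaves room for the `' '` written after each name.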