miniupnpc: quick fix for buffer overflow

http://talosintel.com/reports/TALOS-2015-0035/

reported by palexander on IRC
This commit is contained in:
moneromooo-monero 2015-10-09 15:17:21 +01:00
parent 5b47019cf4
commit 234f576565
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3

View file

@ -15,6 +15,10 @@
void IGDstartelt(void * d, const char * name, int l) void IGDstartelt(void * d, const char * name, int l)
{ {
struct IGDdatas * datas = (struct IGDdatas *)d; struct IGDdatas * datas = (struct IGDdatas *)d;
if (l >= MINIUPNPC_URL_MAXSIZE) {
printf("Attempt to exploit miniupnpc buffer overflow\n");
l = MINIUPNPC_URL_MAXSIZE - 1;
}
memcpy( datas->cureltname, name, l); memcpy( datas->cureltname, name, l);
datas->cureltname[l] = '\0'; datas->cureltname[l] = '\0';
datas->level++; datas->level++;