miniupnpc: quick fix for buffer overflow

http://talosintel.com/reports/TALOS-2015-0035/

reported by palexander on IRC
This commit is contained in:
moneromooo-monero 2015-10-09 15:17:21 +01:00
parent 82d7e79ea0
commit be2764aa9e
No known key found for this signature in database
GPG Key ID: 686F07454D6CEFC3
1 changed files with 4 additions and 0 deletions

View File

@ -15,6 +15,10 @@
void IGDstartelt(void * d, const char * name, int l) void IGDstartelt(void * d, const char * name, int l)
{ {
struct IGDdatas * datas = (struct IGDdatas *)d; struct IGDdatas * datas = (struct IGDdatas *)d;
if (l >= MINIUPNPC_URL_MAXSIZE) {
printf("Attempt to exploit miniupnpc buffer overflow\n");
l = MINIUPNPC_URL_MAXSIZE - 1;
}
memcpy( datas->cureltname, name, l); memcpy( datas->cureltname, name, l);
datas->cureltname[l] = '\0'; datas->cureltname[l] = '\0';
datas->level++; datas->level++;