miniupnpc: quick fix for buffer overflow
http://talosintel.com/reports/TALOS-2015-0035/ reported by palexander on IRC
This commit is contained in:
parent
82d7e79ea0
commit
be2764aa9e
|
@ -15,6 +15,10 @@
|
||||||
void IGDstartelt(void * d, const char * name, int l)
|
void IGDstartelt(void * d, const char * name, int l)
|
||||||
{
|
{
|
||||||
struct IGDdatas * datas = (struct IGDdatas *)d;
|
struct IGDdatas * datas = (struct IGDdatas *)d;
|
||||||
|
if (l >= MINIUPNPC_URL_MAXSIZE) {
|
||||||
|
printf("Attempt to exploit miniupnpc buffer overflow\n");
|
||||||
|
l = MINIUPNPC_URL_MAXSIZE - 1;
|
||||||
|
}
|
||||||
memcpy( datas->cureltname, name, l);
|
memcpy( datas->cureltname, name, l);
|
||||||
datas->cureltname[l] = '\0';
|
datas->cureltname[l] = '\0';
|
||||||
datas->level++;
|
datas->level++;
|
||||||
|
|
Loading…
Reference in New Issue