miniupnpc: quick fix for buffer overflow
http://talosintel.com/reports/TALOS-2015-0035/ reported by palexander on IRC
This commit is contained in:
parent
5b47019cf4
commit
234f576565
|
@ -15,6 +15,10 @@
|
|||
void IGDstartelt(void * d, const char * name, int l)
|
||||
{
|
||||
struct IGDdatas * datas = (struct IGDdatas *)d;
|
||||
if (l >= MINIUPNPC_URL_MAXSIZE) {
|
||||
printf("Attempt to exploit miniupnpc buffer overflow\n");
|
||||
l = MINIUPNPC_URL_MAXSIZE - 1;
|
||||
}
|
||||
memcpy( datas->cureltname, name, l);
|
||||
datas->cureltname[l] = '\0';
|
||||
datas->level++;
|
||||
|
|
Loading…
Reference in New Issue