[PATCH] NUL-terminate gai->value for OPT_RESOLVE, fix out-of-bound read

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Signed-off-by: Youfu Zhang <zhangyoufu at gmail.com>
---
 main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/main.c b/main.c
index 71be303..2210bdf 100644
--- a/main.c
+++ b/main.c
@@ -1174,7 +1174,7 @@ int main(int argc, char **argv)
 				fprintf(stderr, _("Missing colon in resolve option\n"));
 				exit(1);
 			}
-			gai = malloc(sizeof(*gai) + strlen(config_arg));
+			gai = malloc(sizeof(*gai) + strlen(config_arg) + 1);
 			if (!gai) {
 				fprintf(stderr, _("Failed to allocate memory\n"));
 				exit(1);
@@ -1182,7 +1182,7 @@ int main(int argc, char **argv)
 			gai->next = gai_overrides;
 			gai_overrides = gai;
 			gai->option = (void *)(gai + 1);
-			memcpy(gai->option, config_arg, strlen(config_arg));
+			memcpy(gai->option, config_arg, strlen(config_arg) + 1);
 			gai->option[ip - config_arg] = 0;
 			gai->value = gai->option + (ip - config_arg) + 1;
 			break;
-- 
2.8.4 (Apple Git-73)



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux