NUL-terminate gai->value for OPT_RESOLVE, fix out-of-bound read

author Youfu Zhang <zhangyoufu@gmail.com>

Tue, 2 May 2017 05:31:35 +0000 (13:31 +0800)

committer David Woodhouse <dwmw2@infradead.org>

Fri, 12 May 2017 15:14:24 +0000 (16:14 +0100)
author Youfu Zhang <zhangyoufu@gmail.com>
Tue, 2 May 2017 05:31:35 +0000 (13:31 +0800)
committer David Woodhouse <dwmw2@infradead.org>
Fri, 12 May 2017 15:14:24 +0000 (16:14 +0100)
diff --git a/main.c b/main.c

index 71be3031c89a445dd2a9e0cb5003d8d0227a912c..2210bdf22ff91bd16cee4f0edb19f6644eddeaf9 100644 (file)
--- a/main.c
+++ b/main.c
@@ -1174,7 +1174,7 @@ int main(int argc, char **argv)
                                 fprintf(stderr, _("Missing colon in resolve option\n"));
                                 exit(1);
                         }
-                       gai = malloc(sizeof(*gai) + strlen(config_arg));
+                       gai = malloc(sizeof(*gai) + strlen(config_arg) + 1);
                         if (!gai) {
                                 fprintf(stderr, _("Failed to allocate memory\n"));
                                 exit(1);
@@ -1182,7 +1182,7 @@ int main(int argc, char **argv)
                         gai->next = gai_overrides;
                         gai_overrides = gai;
                         gai->option = (void *)(gai + 1);
-                       memcpy(gai->option, config_arg, strlen(config_arg));
+                       memcpy(gai->option, config_arg, strlen(config_arg) + 1);
                         gai->option[ip - config_arg] = 0;
                         gai->value = gai->option + (ip - config_arg) + 1;
                         break;
author	Youfu Zhang <zhangyoufu@gmail.com>
	Tue, 2 May 2017 05:31:35 +0000 (13:31 +0800)
committer	David Woodhouse <dwmw2@infradead.org>
	Fri, 12 May 2017 15:14:24 +0000 (16:14 +0100)