aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2015-10-09 15:17:21 +0100
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2015-10-09 15:20:05 +0100
commit234f576565b9841b0085cc33d7e727afcdd43571 (patch)
tree67a8f04c0178f4927f9a52b2f19c9abc22d96ec0
parentMerge pull request #420 (diff)
downloadmonero-234f576565b9841b0085cc33d7e727afcdd43571.tar.xz
miniupnpc: quick fix for buffer overflow
http://talosintel.com/reports/TALOS-2015-0035/ reported by palexander on IRC
-rw-r--r--external/miniupnpc/igd_desc_parse.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/external/miniupnpc/igd_desc_parse.c b/external/miniupnpc/igd_desc_parse.c
index 0eaf21b6a..a43966232 100644
--- a/external/miniupnpc/igd_desc_parse.c
+++ b/external/miniupnpc/igd_desc_parse.c
@@ -15,6 +15,10 @@
void IGDstartelt(void * d, const char * name, int l)
{
struct IGDdatas * datas = (struct IGDdatas *)d;
+ if (l >= MINIUPNPC_URL_MAXSIZE) {
+ printf("Attempt to exploit miniupnpc buffer overflow\n");
+ l = MINIUPNPC_URL_MAXSIZE - 1;
+ }
memcpy( datas->cureltname, name, l);
datas->cureltname[l] = '\0';
datas->level++;