Merge pull request #423

234f576 miniupnpc: quick fix for buffer overflow (moneromooo-monero)
author: Riccardo Spagni <ric@spagni.net> 2015-10-11 21:23:39 +0200
committer: Riccardo Spagni <ric@spagni.net> 2015-10-11 21:24:00 +0200
commit: 28cb856b332c9210975acdef85e94b97df31a108 (patch)
tree: 67a8f04c0178f4927f9a52b2f19c9abc22d96ec0
parent: Merge pull request #420 (diff)
parent: miniupnpc: quick fix for buffer overflow (diff)
download: monero-28cb856b332c9210975acdef85e94b97df31a108.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/external/miniupnpc/igd_desc_parse.c b/external/miniupnpc/igd_desc_parse.c
index 0eaf21b6a..a43966232 100644
--- a/external/miniupnpc/igd_desc_parse.c
+++ b/external/miniupnpc/igd_desc_parse.c
@@ -15,6 +15,10 @@
 void IGDstartelt(void * d, const char * name, int l)
 {
 	struct IGDdatas * datas = (struct IGDdatas *)d;
+        if (l >= MINIUPNPC_URL_MAXSIZE) {
+          printf("Attempt to exploit miniupnpc buffer overflow\n");
+          l = MINIUPNPC_URL_MAXSIZE - 1;
+        }
 	memcpy( datas->cureltname, name, l);
 	datas->cureltname[l] = '\0';
 	datas->level++;
author	Riccardo Spagni <ric@spagni.net>	2015-10-11 21:23:39 +0200
committer	Riccardo Spagni <ric@spagni.net>	2015-10-11 21:24:00 +0200
commit	28cb856b332c9210975acdef85e94b97df31a108 (patch)
tree	67a8f04c0178f4927f9a52b2f19c9abc22d96ec0
parent	Merge pull request #420 (diff)
parent	miniupnpc: quick fix for buffer overflow (diff)
download	monero-28cb856b332c9210975acdef85e94b97df31a108.tar.xz