author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2015-10-09 15:17:21 +0100 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2015-10-09 15:20:05 +0100 |
commit | 234f576565b9841b0085cc33d7e727afcdd43571 (patch) | |
tree | 67a8f04c0178f4927f9a52b2f19c9abc22d96ec0 /external | |
parent | Merge pull request #420 (diff) | |
miniupnpc: quick fix for buffer overflow
http://talosintel.com/reports/TALOS-2015-0035/
reported by palexander on IRC
Diffstat (limited to '')
-rw-r--r-- | external/miniupnpc/igd_desc_parse.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/external/miniupnpc/igd_desc_parse.c b/external/miniupnpc/igd_desc_parse.c
index 0eaf21b6a..a43966232 100644
--- a/external/miniupnpc/igd_desc_parse.c
+++ b/external/miniupnpc/igd_desc_parse.c
@@ -15,6 +15,10 @@
 void IGDstartelt(void * d, const char * name, int l)
 {
 struct IGDdatas * datas = (struct IGDdatas *)d;
+ if (l >= MINIUPNPC_URL_MAXSIZE) {
+ printf("Attempt to exploit miniupnpc buffer overflow\n");
+ l = MINIUPNPC_URL_MAXSIZE - 1;
+ }
 memcpy( datas->cureltname, name, l);
 datas->cureltname[l] = '\0';
 datas->level++;
|
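Review bot: The new clamp in IGDstartelt bounds `l` only from above, so a negative `l` (it is a signed `int`) would still reach `memcpy` and be converted to a very large size. Whether the XML parser can ever pass a negative length is not visible in this hunk, but adding `if (l < 0) l = 0;` ahead of the clamp is a cheap guard. The bound is also written against `MINIUPNPC_URL_MAXSIZE` rather than the destination itself, and the declaration of `cureltname` is outside the hunk; assuming it is an array member, `if ((size_t)l >= sizeof(datas->cureltname)) l = (int)sizeof(datas->cureltname) - 1;` keeps the check correct if the field is ever resized. The `printf` writes to the embedding application's stdout and labels any over-long element name as an exploit attempt, so a neutrally worded diagnostic on stderr would suit a library better. The function body continues past the end of the hunk.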