[PATCH] NUL-terminate gai->value for OPT_RESOLVE, fix out-of-bound read
Youfu Zhang
zhangyoufu at gmail.com
Mon May 1 22:31:35 PDT 2017
Signed-off-by: Youfu Zhang <zhangyoufu at gmail.com>
---
main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main.c b/main.c
index 71be303..2210bdf 100644
--- a/main.c
+++ b/main.c
@@ -1174,7 +1174,7 @@ int main(int argc, char **argv)
fprintf(stderr, _("Missing colon in resolve option\n"));
exit(1);
}
- gai = malloc(sizeof(*gai) + strlen(config_arg));
+ gai = malloc(sizeof(*gai) + strlen(config_arg) + 1);
if (!gai) {
fprintf(stderr, _("Failed to allocate memory\n"));
exit(1);
@@ -1182,7 +1182,7 @@ int main(int argc, char **argv)
gai->next = gai_overrides;
gai_overrides = gai;
gai->option = (void *)(gai + 1);
- memcpy(gai->option, config_arg, strlen(config_arg));
+ memcpy(gai->option, config_arg, strlen(config_arg) + 1);
gai->option[ip - config_arg] = 0;
gai->value = gai->option + (ip - config_arg) + 1;
break;
--
2.8.4 (Apple Git-73)
More information about the openconnect-devel
mailing list