authorSimon J. Gerraty <sjg@FreeBSD.org>2014-11-19 01:07:58 +0000
committerSimon J. Gerraty <sjg@FreeBSD.org>2014-11-19 01:07:58 +0000
commit9268022b74279434ed6300244e3f977e56a8ceb5 (patch)
tree377ac0ac449528621eb192cd245adadb5fd53668 /usr.sbin/rtadvd
parent29c34e9d2781cf25403647fb5af7d7ddb23be7e1 (diff)
parent8c3d6a4ab2a4a95d864d9a32d0157d7de90498a4 (diff)
downloadsrc-9268022b74279434ed6300244e3f977e56a8ceb5.tar.gz
src-9268022b74279434ed6300244e3f977e56a8ceb5.zip
Notes
Diffstat (limited to 'usr.sbin/rtadvd')
-rw-r--r--usr.sbin/rtadvd/advcap.c4
-rw-r--r--usr.sbin/rtadvd/config.c19
2 files changed, 17 insertions, 6 deletions
diff --git a/usr.sbin/rtadvd/advcap.c b/usr.sbin/rtadvd/advcap.c
index 7280f4097d66..542e06649f92 100644
--- a/usr.sbin/rtadvd/advcap.c
+++ b/usr.sbin/rtadvd/advcap.c
@@ -149,9 +149,9 @@ getent(char *bp, char *name, const char *cfile)
}
break;
}
- if (cp >= bp + BUFSIZ) {
+ if (cp >= bp + BUFSIZ - 1) {
write(STDERR_FILENO, "Remcap entry too long\n",
- 23);
+ 22);
break;
} else
*cp++ = c;
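Review bot: The byte count passed to write() is still hand-counted against the literal, which is how the old value came to include the terminating NUL. Deriving it from the string keeps the two in step: `static const char toolong[] = "Remcap entry too long\n";` followed by `write(STDERR_FILENO, toolong, sizeof(toolong) - 1);`. The `BUFSIZ - 1` bound presumably reserves the final byte for a terminator stored after the loop, which is outside this hunk; a one-line comment on the comparison saying so would keep it from being simplified back. getent's body starts and ends outside the hunk.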
diff --git a/usr.sbin/rtadvd/config.c b/usr.sbin/rtadvd/config.c
index f0e11a346087..5c9d778e961f 100644
--- a/usr.sbin/rtadvd/config.c
+++ b/usr.sbin/rtadvd/config.c
@@ -77,10 +77,10 @@ static time_t prefix_timo = (60 * 120); /* 2 hours.
static struct rtadvd_timer *prefix_timeout(void *);
static void makeentry(char *, size_t, int, const char *);
-static size_t dname_labelenc(char *, const char *);
+static ssize_t dname_labelenc(char *, const char *);
/* Encode domain name label encoding in RFC 1035 Section 3.1 */
-static size_t
+static ssize_t
dname_labelenc(char *dst, const char *src)
{
char *dst_origin;
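Review bot: The comment above dname_labelenc() says nothing about the new failure return or how large dst must be, so a future caller has no contract to check against. Judging from the other hunks of this commit, something like `/* Encode src as RFC 1035 Section 3.1 labels into dst, which must hold DNAME_LABELENC_MAXLEN bytes; returns the encoded length, or -1 if src does not fit. */` would cover it. The "encoded length" wording is inferred from the assignment to da_len and should be confirmed against the return statement, which is outside this hunk.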
@@ -90,6 +90,8 @@ dname_labelenc(char *dst, const char *src)
dst_origin = dst;
len = strlen(src);
+ if (len + len / 64 + 1 + 1 > DNAME_LABELENC_MAXLEN)
+ return (-1);
/* Length fields per 63 octets + '\0' (<= DNAME_LABELENC_MAXLEN) */
memset(dst, 0, len + len / 64 + 1 + 1);
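Review bot: The size expression `len + len / 64 + 1 + 1` now appears twice, once in the new guard and once in the memset() below it, and the two must stay identical for the guard to protect the write. Computing it once makes that explicit, for example `enclen = len + len / 64 + 1 + 1;` then `if (enclen > DNAME_LABELENC_MAXLEN) return (-1);` and `memset(dst, 0, enclen);`. The declaration of len is outside the hunk; if it is a signed type the comparison against the macro deserves a look as well.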
@@ -98,9 +100,13 @@ dname_labelenc(char *dst, const char *src)
/* Put a length field with 63 octet limitation first. */
p = strchr(src, '.');
if (p == NULL)
- *dst++ = len = MIN(63, len);
+ *dst = len = MIN(63, len);
+ else
+ *dst = len = MIN(63, p - src);
+ if (dst + 1 + len < dst_origin + DNAME_LABELENC_MAXLEN)
+ dst++;
else
- *dst++ = len = MIN(63, p - src);
+ return (-1);
/* Copy 63 octets at most. */
memcpy(dst, src, len);
dst += len;
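Review bot: The length octet is stored through `*dst` before the new bounds test runs, so the test guards the memcpy() but not the one-byte write that precedes it. The up-front size check in this function probably keeps dst in range, but the per-label check is cheaper to trust if it comes first. Comparing offsets rather than pointers also avoids forming `dst + 1 + len` beyond the end of the buffer. The enclosing loop and the declaration of len are outside the hunk, so the cast below assumes len is non-negative here.
```c
		if (p == NULL)
			len = MIN(63, len);
		else
			len = MIN(63, p - src);
		/* Length octet plus label must leave room for the final '\0'. */
		if ((size_t)(dst - dst_origin) + 1 + len >= DNAME_LABELENC_MAXLEN)
			return (-1);
		*dst++ = len;
		/* … unchanged: memcpy of the label and dst advance … */
```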
@@ -866,6 +872,11 @@ getconfig_free_rdn:
abuf[c] = '\0';
ELM_MALLOC(dnsa, goto getconfig_free_dns);
dnsa->da_len = dname_labelenc(dnsa->da_dom, abuf);
+ if (dnsa->da_len < 0) {
+ syslog(LOG_ERR, "Invalid dnssl entry: %s",
+ abuf);
+ goto getconfig_free_dns;
+ }
syslog(LOG_DEBUG, "<%s>: dnsa->da_len = %d", __func__,
dnsa->da_len);
TAILQ_INSERT_TAIL(&dns->dn_list, dnsa, da_next);
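Review bot: On the new error path `dnsa` has been allocated by ELM_MALLOC but not yet linked into `dns->dn_list`, so whether it is released depends on what `getconfig_free_dns` does, and that label is outside the hunk. If the cleanup only frees `dns` or walks the list, the entry leaks; adding `free(dnsa);` before the `goto` would close that. The `< 0` test also relies on `da_len` being a signed type. The `%d` in the debug line suggests int, but the declaration is not visible here, and an unsigned field would make the check dead code.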