fix potential buffer overflow when txt records are forged
authorJohn Crispin <blogic@openwrt.org>
Wed, 27 Aug 2014 17:49:04 +0000 (19:49 +0200)
committerJohn Crispin <blogic@openwrt.org>
Wed, 27 Aug 2014 17:50:40 +0000 (19:50 +0200)
Signed-off-by: John Crispin <blogic@openwrt.org>
cache.c

diff --git a/cache.c b/cache.c
index e775537fedc5318e5bd8ef12a32d37486187c931..cdc4a792c122cfe7f642ddd38d6d6576d489f19e 100644 (file)
--- a/cache.c
+++ b/cache.c
@@ -274,7 +274,7 @@ cache_answer(struct interface *iface, uint8_t *base, int blen, char *name, struc
                        uint8_t v = *p;
 
                        *p = '\0';
-                       if (v)
+                       if (v && p + v < &rdata_buffer[rdlength])
                                p += v + 1;
                } while (*p);
                break;
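Review bot: The loop condition `} while (*p);` still reads through p after the advance, and with the new guard p can land exactly on `&rdata_buffer[rdlength]`, so the byte just past the record data is read and, if it is non-zero, the next iteration's `*p = '\0'` writes to it. Whether that byte lies inside rdata_buffer depends on how the buffer is sized and terminated, which this hunk does not show. Bounding the condition too, `} while (p < &rdata_buffer[rdlength] && *p);`, would keep both accesses inside the record. Comparing lengths instead of pointers, `if (v && v < &rdata_buffer[rdlength] - p)`, avoids forming a pointer beyond the buffer, and a short comment could note that an oversized length byte silently truncates the TXT data rather than rejecting the record. The do-loop begins above the hunk, so the initial value of p is not visible here.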