miniupnpc: quick fix for buffer overflow

http://talosintel.com/reports/TALOS-2015-0035/ reported by palexander on IRC
9 years ago · 234f576565
parent 5b47019cf4
commit 234f576565
1 changed files with 4 additions and 0 deletions
--- a/external/miniupnpc/igd_desc_parse.c
+++ b/external/miniupnpc/igd_desc_parse.c
@ -15,6 +15,10 @@
 void IGDstartelt(void * d, const char * name, int l)
 {
 	struct IGDdatas * datas = (struct IGDdatas *)d;
+        if (l >= MINIUPNPC_URL_MAXSIZE) {
+          printf("Attempt to exploit miniupnpc buffer overflow\n");
+          l = MINIUPNPC_URL_MAXSIZE - 1;
+        }
 	memcpy( datas->cureltname, name, l);
 	datas->cureltname[l] = '\0';
 	datas->level++;