diff options
| author | Tobias Klauser <tklauser@distanz.ch> | 2017-02-28 10:19:38 +0100 |
|---|---|---|
| committer | Tobias Klauser <tklauser@distanz.ch> | 2017-02-28 10:19:38 +0100 |
| commit | 29deb4c762b2ba9dc7eb370b5a04611dad0d8525 (patch) | |
| tree | 9d02eaad5d08ebfa2e54c1942c2f0655576bb989 | |
| parent | b7a77aa21b1fefea16993cd9b732f39a45cd6b80 (diff) | |
llmnr-query: Fix missing NULL byte
If the domain name in the response is <len> <octets> <00>, the code
copies 'len' octets to name[], but does not add a terminating NULL
character. The same may happen in the "compression" case.
Fix this by adding a NULL byte in both cases.
Patch constributed by @tbetker.
Fixes #22
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
| -rw-r--r-- | llmnr-query.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/llmnr-query.c b/llmnr-query.c index 1706add..e5d3557 100644 --- a/llmnr-query.c +++ b/llmnr-query.c @@ -344,12 +344,13 @@ int main(int argc, char **argv) if (ptr < p->size - 1) { uint8_t nnl = p->data[ptr]; strncpy(name, (char *)&p->data[ptr + 1], nnl); + name[nnl] = '\0'; } else strncpy(name, "<invalid>", LLMNR_LABEL_MAX_SIZE); - } else + } else { strncpy(name, (char *)pkt_put(p, nl + 1), nl); - - name[LLMNR_LABEL_MAX_SIZE] = '\0'; + name[nl] = '\0'; + } type = htons(pkt_put_extract_u16(p)); clss = htons(pkt_put_extract_u16(p)); |