summaryrefslogtreecommitdiff
path: root/llmnr.c
diff options
context:
space:
mode:
authorTobias Klauser <tklauser@distanz.ch>2017-02-08 08:45:47 +0100
committerTobias Klauser <tklauser@distanz.ch>2017-02-08 09:34:29 +0100
commit5ff55246e69340fbcf1fa1283c9bd259aae8b2c6 (patch)
tree30022b784e96a36e321f2cf355ee03e4bbf373af /llmnr.c
parent371de55728931fc253763328ae322ce9512afba1 (diff)
llmnrd: Check query name length against LLMNR_LABEL_MAX_SIZE
Make sure the hostname buffer is not accessed out of bounds. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Diffstat (limited to 'llmnr.c')
-rw-r--r--llmnr.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/llmnr.c b/llmnr.c
index 0b35ae7..ec7726e 100644
--- a/llmnr.c
+++ b/llmnr.c
@@ -216,8 +216,9 @@ static void llmnr_packet_process(unsigned int ifindex, const uint8_t *pktbuf, si
query = pktbuf + sizeof(struct llmnr_hdr);
query_len = len - sizeof(struct llmnr_hdr);
name_len = query[0];
+
/* Invalid name in query? */
- if (name_len == 0 || name_len >= query_len || query[1 + name_len] != 0)
+ if (name_len == 0 || name_len >= query_len || name_len > LLMNR_LABEL_MAX_SIZE || query[1 + name_len] != 0)
return;
/* Authoritative? */