From 29deb4c762b2ba9dc7eb370b5a04611dad0d8525 Mon Sep 17 00:00:00 2001
From: Tobias Klauser
Date: Tue, 28 Feb 2017 10:19:38 +0100
Subject: llmnr-query: Fix missing NULL byte

If the domain name in the response is <00>, the code copies 'len' octets to name[], but does not add a terminating NULL character. The same may happen in the "compression" case. Fix this by adding a NULL byte in both cases.
Patch constributed by @tbetker.
Fixes #22
Signed-off-by: Tobias Klauser
---
 llmnr-query.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/llmnr-query.c b/llmnr-query.c
index 1706add..e5d3557 100644
--- a/llmnr-query.c
+++ b/llmnr-query.c
@@ -344,12 +344,13 @@ int main(int argc, char **argv)
  if (ptr < p->size - 1) {
  uint8_t nnl = p->data[ptr];
  strncpy(name, (char *)&p->data[ptr + 1], nnl);
+ name[nnl] = '\0';
  } else
  strncpy(name, "", LLMNR_LABEL_MAX_SIZE);
- } else
+ } else {
  strncpy(name, (char *)pkt_put(p, nl + 1), nl);
-
- name[LLMNR_LABEL_MAX_SIZE] = '\0';
+ name[nl] = '\0';
+ }
 
  type = htons(pkt_put_extract_u16(p));
  clss = htons(pkt_put_extract_u16(p));
--
cgit v1.2.3-54-g00ecf
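Review bot: The added `name[nnl] = '\0';` indexes `name` with a length octet taken straight from the response (`uint8_t nnl = p->data[ptr]`, so up to 255), and no upper bound on it is visible in the hunk. The removed `name[LLMNR_LABEL_MAX_SIZE] = '\0';` suggests `name` holds `LLMNR_LABEL_MAX_SIZE + 1` bytes, though its declaration is outside the hunk. If so, a larger `nnl` makes both the `strncpy` (which always writes exactly `nnl` bytes) and the new terminator write land past the end of the buffer. The only visible check, `ptr < p->size - 1`, also does not guarantee that `ptr + 1 + nnl` stays inside the packet. I would validate before copying, e.g. `if (nnl > LLMNR_LABEL_MAX_SIZE || ptr + 1 + nnl > p->size) nnl = 0;`, and give `nl` in the `else` branch the same check unless it is already bounded earlier in `main`, whose body starts and ends outside this hunk.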