From 4a1e982b7733ac84936ff4f7d992dbea18dd0076 Mon Sep 17 00:00:00 2001 From: Tobias Klauser Date: Wed, 8 Feb 2017 14:24:07 +0100 Subject: llmnr-query: Account for terminating NULL byte in address string buffer If the IPv6 address in the reply is 48 bytes long, inet_ntop() would overflow the addr buffer. Account for the terminating NULL byte. Signed-off-by: Tobias Klauser --- llmnr-query.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/llmnr-query.c b/llmnr-query.c index d2fda6b..5de2c6b 100644 --- a/llmnr-query.c +++ b/llmnr-query.c @@ -330,7 +330,7 @@ int main(int argc, char **argv) for (j = 0; j < ancount; ++j) { uint8_t nl = *pkt_put(p, 1); - char addr[INET6_ADDRSTRLEN]; + char addr[INET6_ADDRSTRLEN + 1]; uint16_t type, clss, addr_size; uint32_t ttl; const char *name; @@ -363,6 +363,7 @@ int main(int argc, char **argv) if (!inet_ntop(af, pkt_put(p, addr_size), addr, ARRAY_SIZE(addr))) strncpy(addr, "", sizeof(addr)); + addr[INET6_ADDRSTRLEN] = '\0'; log_info("LLMNR response: %s IN %s %s (TTL %d)\n", name, query_type(type), addr, ttl); } -- cgit v1.2.3-54-g00ecf