From 4a1e982b7733ac84936ff4f7d992dbea18dd0076 Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Wed, 8 Feb 2017 14:24:07 +0100
Subject: llmnr-query: Account for terminating NULL byte in address string
 buffer

If the IPv6 address in the reply is 48 bytes long, inet_ntop() would
overflow the addr buffer. Account for the terminating NULL byte.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
---
 llmnr-query.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/llmnr-query.c b/llmnr-query.c
index d2fda6b..5de2c6b 100644
--- a/llmnr-query.c
+++ b/llmnr-query.c
@@ -330,7 +330,7 @@ int main(int argc, char **argv)
 
 			for (j = 0; j < ancount; ++j) {
 				uint8_t nl = *pkt_put(p, 1);
-				char addr[INET6_ADDRSTRLEN];
+				char addr[INET6_ADDRSTRLEN + 1];
 				uint16_t type, clss, addr_size;
 				uint32_t ttl;
 				const char *name;
@@ -363,6 +363,7 @@ int main(int argc, char **argv)
 
 				if (!inet_ntop(af, pkt_put(p, addr_size), addr, ARRAY_SIZE(addr)))
 					strncpy(addr, "<invalid>", sizeof(addr));
+				addr[INET6_ADDRSTRLEN] = '\0';
 
 				log_info("LLMNR response: %s IN %s %s (TTL %d)\n", name, query_type(type), addr, ttl);
 			}
-- 
cgit v1.2.3-54-g00ecf