From 234f576565b9841b0085cc33d7e727afcdd43571 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Fri, 9 Oct 2015 15:17:21 +0100 Subject: [PATCH] miniupnpc: quick fix for buffer overflow http://talosintel.com/reports/TALOS-2015-0035/ reported by palexander on IRC --- external/miniupnpc/igd_desc_parse.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/external/miniupnpc/igd_desc_parse.c b/external/miniupnpc/igd_desc_parse.c index 0eaf21b6a..a43966232 100644 --- a/external/miniupnpc/igd_desc_parse.c +++ b/external/miniupnpc/igd_desc_parse.c @@ -15,6 +15,10 @@ void IGDstartelt(void * d, const char * name, int l) { struct IGDdatas * datas = (struct IGDdatas *)d; + if (l >= MINIUPNPC_URL_MAXSIZE) { + printf("Attempt to exploit miniupnpc buffer overflow\n"); + l = MINIUPNPC_URL_MAXSIZE - 1; + } memcpy( datas->cureltname, name, l); datas->cureltname[l] = '\0'; datas->level++;