From 79cca974a4c2ab1199786732a67ff6d898051b78 Mon Sep 17 00:00:00 2001 From: Thomas Bernard Date: Tue, 15 Sep 2015 15:32:33 +0200 Subject: [PATCH] igd_desc_parse.c: fix buffer overflow --- miniupnpc/igd_desc_parse.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/miniupnpc/igd_desc_parse.c b/miniupnpc/igd_desc_parse.c index 892a090..d2999ad 100644 --- a/miniupnpc/igd_desc_parse.c +++ b/miniupnpc/igd_desc_parse.c @@ -1,8 +1,8 @@ -/* $Id: igd_desc_parse.c,v 1.16 2014/11/17 17:19:13 nanard Exp $ */ +/* $Id: igd_desc_parse.c,v 1.17 2015/09/15 13:30:04 nanard Exp $ */ /* Project : miniupnp * http://miniupnp.free.fr/ * Author : Thomas Bernard - * Copyright (c) 2005-2014 Thomas Bernard + * Copyright (c) 2005-2015 Thomas Bernard * This software is subject to the conditions detailed in the * LICENCE file provided in this distribution. */ @@ -15,7 +15,9 @@ void IGDstartelt(void * d, const char * name, int l) { struct IGDdatas * datas = (struct IGDdatas *)d; - memcpy( datas->cureltname, name, l); + if(l >= MINIUPNPC_URL_MAXSIZE) + l = MINIUPNPC_URL_MAXSIZE-1; + memcpy(datas->cureltname, name, l); datas->cureltname[l] = '\0'; datas->level++; if( (l==7) && !memcmp(name, "service", l) ) {