adnsresfilter: Fix addrtextbuf buffer size

We can write 18 bytes (including the trailing nul) to this.  This is
not actually a problem in real compiled code because: cbyte is
generally the next thing; cbytes's alignment means that there are a
further two bytes of padding; and we only write the next two bytes
(']' and a nul) in a situation where we are done with cbyte anyway.

But it should be fixed.

Reported-by: Ron Henderson
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/changelog b/changelog
index 3449f335fcadf2a4b8590abed9c5a7b7ecac0d90..487c24e3c28799188c67b36b50655f18241c2583 100644 (file)
--- a/changelog
+++ b/changelog
@@ -12,6 +12,8 @@ adns (1.5.1~~) UPSTREAM; urgency=low
     when one of the address queries returns a permanent error (although,
     the application almost certainly won't use this pointer because the
     associated count is zero).
+  * adnsresfilter: Fix addrtextbuf buffer size.  This is not actually a
+    problem in real compiled code but should be corrected.
 
  --
 

diff --git a/client/adnsresfilter.c b/client/adnsresfilter.c
index 770af173169abc589897371ef9ff1de441f848b7..3e5255cac2b2302ca92a8ee34c7236a4b0cb7f64 100644 (file)
--- a/client/adnsresfilter.c
+++ b/client/adnsresfilter.c
@@ -67,7 +67,7 @@ static int peroutqueuenode, outqueuelen;
 static struct sockaddr_in sa;
 static adns_state ads;
 
-static char addrtextbuf[14];
+static char addrtextbuf[18]; /* [ddd.ddd.ddd.ddd] + nul */
 static int cbyte, inbyte, inbuf;
 static unsigned char bytes[4];
 static struct timeval printbefore;