diff options
author | allfro <ndouba@gmail.com> | 2011-07-30 10:18:28 -0300 |
---|---|---|
committer | allfro <ndouba@gmail.com> | 2011-07-30 10:18:28 -0300 |
commit | f0698e1ed77c2d83491a42e5402ac738596c75e6 (patch) | |
tree | 36fe9cbe7be0cb51ae07eed0163c6042dec6fe21 | |
parent | 772cfb762ac661cb5a1cf88da480c26a6762d2c3 (diff) | |
download | libnet-f0698e1ed77c2d83491a42e5402ac738596c75e6.tar.gz |
Fixes a buffer overflow issue when copying chaddr, file, and sname fields to the DHCP header.
-rw-r--r-- | libnet/src/libnet_build_dhcp.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/libnet/src/libnet_build_dhcp.c b/libnet/src/libnet_build_dhcp.c index ed80230..d147958 100644 --- a/libnet/src/libnet_build_dhcp.c +++ b/libnet/src/libnet_build_dhcp.c @@ -83,8 +83,7 @@ libnet_t *l, libnet_ptag_t ptag) if (chaddr) { - memcpy(dhcp_hdr.dhcp_chaddr, chaddr, sizeof (dhcp_hdr.dhcp_chaddr)); - dhcp_hdr.dhcp_chaddr[sizeof(dhcp_hdr.dhcp_chaddr) - 1] = 0; + strncpy((char *)dhcp_hdr.dhcp_chaddr, (const char *)chaddr, sizeof (dhcp_hdr.dhcp_chaddr) - 2); } else { @@ -93,8 +92,7 @@ libnet_t *l, libnet_ptag_t ptag) if (sname) { - memcpy(dhcp_hdr.dhcp_sname, sname, sizeof (dhcp_hdr.dhcp_sname)); - dhcp_hdr.dhcp_sname[sizeof(dhcp_hdr.dhcp_sname) - 1] = 0; + strncpy((const char *)dhcp_hdr.dhcp_sname, (char *)sname, sizeof (dhcp_hdr.dhcp_sname) - 2); } else { @@ -103,8 +101,7 @@ libnet_t *l, libnet_ptag_t ptag) if (file) { - memcpy(dhcp_hdr.dhcp_file, file, sizeof (dhcp_hdr.dhcp_file)); - dhcp_hdr.dhcp_file[sizeof(dhcp_hdr.dhcp_file) - 1] = 0; + strncpy(dhcp_hdr.dhcp_file, file, sizeof (dhcp_hdr.dhcp_file) - 2); } else { @@ -153,4 +150,4 @@ libnet_t *l, libnet_ptag_t ptag) l, ptag)); } -/* EOF */ +/* EOF */
\ No newline at end of file |