From: Kevin Wolf <kwolf@redhat.com>
Date: Fri, 30 Jan 2015 19:37:55 +0000 (+0100)
Subject: qemu-sockets: Fix buffer overflow in inet_parse()
X-Git-Tag: v2.3.0-rc0~64^2~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=55a10996034cb2e633f0437cedd97f345183c0ec;p=thirdparty%2Fqemu.git

qemu-sockets: Fix buffer overflow in inet_parse()

The size of the stack allocated host[] array didn't account for the
terminating '\0' byte that sscanf() writes. Fix the array size.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
---

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index cf4b91f7f55..61fc3c13649 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -512,7 +512,7 @@ InetSocketAddress *inet_parse(const char *str, Error **errp)
 {
     InetSocketAddress *addr;
     const char *optstr, *h;
-    char host[64];
+    char host[65];
     char port[33];
     int to;
     int pos;