From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 9 Aug 2013 09:34:14 +0000 (+0200)
Subject: * Fix buffer overflow in fget_token and bget_token.
X-Git-Tag: release-1.6.17rc1~74^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8c779fbf963d5c45fbd7616fc1a13c216d9b2fa;p=thirdparty%2Fldns.git

* Fix buffer overflow in fget_token and bget_token.
---

diff --git a/Changelog b/Changelog
index b07a489c..5b969845 100644
--- a/Changelog
+++ b/Changelog
@@ -30,6 +30,7 @@
 	  dictionary.  Patch from shussain.
 	* bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
 	  file pointer.
+	* Fix buffer overflow in fget_token and bget_token.
 
 1.6.16	2012-11-13
 	* Fix Makefile to build pyldns with BSD make
diff --git a/parse.c b/parse.c
index 8849effa..710c4e70 100644
--- a/parse.c
+++ b/parse.c
@@ -135,7 +135,7 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
 		if (c != '\0' && c != '\n') {
 			i++;
 		}
-		if (limit > 0 && i >= limit) {
+		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
 			*t = '\0';
 			return -1;
 		}
@@ -308,7 +308,7 @@ ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit)
 		}
 
 		i++;
-		if (limit > 0 && i >= limit) {
+		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
 			*t = '\0';
 			return -1;
 		}