Check bootp_filename is not going to be truncated

If the given bootp_filename is too long, it is silently truncated in bootp.c snprintf(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
author: Marc-André Lureau <marcandre.lureau@redhat.com> 2020-01-20 23:58:03 +0400
committer: Marc-André Lureau <marcandre.lureau@redhat.com> 2020-01-22 13:16:21 +0400
commit: 8ecd026e04edaa80a0b264e786a9bb2ee380b31b (patch)
tree: d7d10190416f5541bf97d83b4c811268ccaac291
parent: d8e3c6030b729f581f382e0e7f9334b776ae0982 (diff)
download: slirp-8ecd026e04edaa80a0b264e786a9bb2ee380b31b.zip
slirp-8ecd026e04edaa80a0b264e786a9bb2ee380b31b.tar.gz
slirp-8ecd026e04edaa80a0b264e786a9bb2ee380b31b.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/src/slirp.c b/src/slirp.c
index e82e7e8..e0b53a7 100644
--- a/src/slirp.c
+++ b/src/slirp.c
@@ -278,6 +278,9 @@ Slirp *slirp_new(const SlirpConfig *cfg, const SlirpCb *callbacks, void *opaque)
     g_return_val_if_fail(cfg->if_mtu <= IF_MTU_MAX, NULL);
     g_return_val_if_fail(cfg->if_mru >= IF_MRU_MIN || cfg->if_mru == 0, NULL);
     g_return_val_if_fail(cfg->if_mru <= IF_MRU_MAX, NULL);
+    g_return_val_if_fail(!cfg->bootfile ||
+                         (strlen(cfg->bootfile) <
+                          G_SIZEOF_MEMBER(struct bootp_t, bp_file)), NULL);
 
     slirp = g_malloc0(sizeof(Slirp));
author	Marc-André Lureau <marcandre.lureau@redhat.com>	2020-01-20 23:58:03 +0400
committer	Marc-André Lureau <marcandre.lureau@redhat.com>	2020-01-22 13:16:21 +0400
commit	8ecd026e04edaa80a0b264e786a9bb2ee380b31b (patch)
tree	d7d10190416f5541bf97d83b4c811268ccaac291
parent	d8e3c6030b729f581f382e0e7f9334b776ae0982 (diff)
download	slirp-8ecd026e04edaa80a0b264e786a9bb2ee380b31b.zip slirp-8ecd026e04edaa80a0b264e786a9bb2ee380b31b.tar.gz slirp-8ecd026e04edaa80a0b264e786a9bb2ee380b31b.tar.bz2