Fix buffer overflow and null pointer dereference in mDNSResponder (CVE-2015-7988).

BUG: 25852056 Test: None (cherry-picked from 5cb016d58af2cdc40c20fa435b8143a72ddf01a2) Change-Id: I67a8262caf48b42ccb2f41adae63c22f7f4ee4c8
author: Pierre Imai <imaipi@google.com> 2016-01-08 13:20:54 +0900
committer: Casey Dahlin <sadmac@google.com> 2017-03-09 14:29:25 -0800
commit: 5e33e384dc5d19f8aa63ecd4a157e7acbaed579f (patch)
tree: 5811fe04a3ddca6c77f6e57fbfa036f879226ed1 /mDNSPosix/mDNSPosix.c
parent: 918d4611096dbb72ea44f46c2d72ce2e36f38e3b (diff)
download: mdnsresponder-5e33e384dc5d19f8aa63ecd4a157e7acbaed579f.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/mDNSPosix/mDNSPosix.c b/mDNSPosix/mDNSPosix.c
index 8a46c6f..a8ac88a 100644
--- a/mDNSPosix/mDNSPosix.c
+++ b/mDNSPosix/mDNSPosix.c
@@ -1357,6 +1357,14 @@ mDNSexport void    mDNSPlatformStrCopy(void *dst, const void *src)
 	strcpy((char *)dst, (char *)src);
 	}
 
+// mDNS core calls this routine to copy C strings while taking the destination
+// buffer size into account.
+// On the Posix platform this maps directly to the ANSI C strncpy.
+mDNSexport mDNSu32  mDNSPlatformStrLCopy(void *dst, const void *src, mDNSu32 dstlen)
+	{
+	return (strlcpy((char *)dst, (const char *)src, dstlen));
+	}
+
 // mDNS core calls this routine to get the length of a C string.
 // On the Posix platform this maps directly to the ANSI C strlen.
 mDNSexport mDNSu32  mDNSPlatformStrLen (const void *src)
author	Pierre Imai <imaipi@google.com>	2016-01-08 13:20:54 +0900
committer	Casey Dahlin <sadmac@google.com>	2017-03-09 14:29:25 -0800
commit	5e33e384dc5d19f8aa63ecd4a157e7acbaed579f (patch)
tree	5811fe04a3ddca6c77f6e57fbfa036f879226ed1 /mDNSPosix/mDNSPosix.c
parent	918d4611096dbb72ea44f46c2d72ce2e36f38e3b (diff)
download	mdnsresponder-5e33e384dc5d19f8aa63ecd4a157e7acbaed579f.tar.gz