cmdline: check size of result buffer to avoid overflow

[libcmdline.git] / src / lib / cmdline_parse_etheraddr.c

diff --git a/src/lib/cmdline_parse_etheraddr.c b/src/lib/cmdline_parse_etheraddr.c
index e0528c5..7a50e02 100644 (file)
--- a/src/lib/cmdline_parse_etheraddr.c
+++ b/src/lib/cmdline_parse_etheraddr.c
@@ -110,13 +110,16 @@ my_ether_aton(const char *a)
 
 int
 cmdline_parse_etheraddr(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
-                       const char *buf, void *res)
+                       const char *buf, void *res, unsigned ressize)
 {
        unsigned int token_len = 0;
        char ether_str[ETHER_ADDRSTRLEN];
        struct ether_addr *etheraddr = res;
        struct ether_addr *tmp;
 
+       if (res && ressize < sizeof(struct ether_addr))
+               return -1;
+
        /* if token is too big... */
        token_len = snprintf(ether_str, sizeof(ether_str), "%s", buf);
        if (token_len >= sizeof(ether_str))