cmdline: check size of result buffer to avoid overflow

[libcmdline.git] / src / lib / cmdline_parse_ipaddr.c

diff --git a/src/lib/cmdline_parse_ipaddr.c b/src/lib/cmdline_parse_ipaddr.c
index 276d644..cb41562 100644 (file)
--- a/src/lib/cmdline_parse_ipaddr.c
+++ b/src/lib/cmdline_parse_ipaddr.c
@@ -290,7 +290,8 @@ inet_pton6(const char *src, unsigned char *dst)
 }
 
 int
-cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+                    unsigned ressize)
 {
        struct cmdline_token_ipaddr *tk2 = (struct cmdline_token_ipaddr *)tk;
        unsigned int token_len = 0;
@@ -299,18 +300,14 @@ cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
        char *prefix, *prefix_end;
        long prefixlen;
 
-       if (! *buf)
+       if (res && ressize < sizeof(cmdline_ipaddr_t))
                return -1;
 
-       while (!cmdline_isendoftoken(buf[token_len]))
-               token_len++;
-
        /* if token is too big... */
-       if (token_len >= INET6_ADDRSTRLEN+4)
+       token_len = snprintf(ip_str, sizeof(ip_str), "%s", buf);
+       if (token_len >= sizeof(ip_str))
                return -1;
 
-       snprintf(ip_str, token_len+1, "%s", buf);
-
        /* convert the network prefix */
        if (tk2->ipaddr_data.flags & CMDLINE_IPADDR_NETWORK) {
                prefix = strrchr(ip_str, '/');