cmdline: check size of result buffer to avoid overflow

[libcmdline.git] / src / lib / cmdline_parse_ipaddr.c

diff --git a/src/lib/cmdline_parse_ipaddr.c b/src/lib/cmdline_parse_ipaddr.c
index 37b2f3b..cb41562 100644 (file)
--- a/src/lib/cmdline_parse_ipaddr.c
+++ b/src/lib/cmdline_parse_ipaddr.c
@@ -290,7 +290,8 @@ inet_pton6(const char *src, unsigned char *dst)
 }
 
 int
-cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+                    unsigned ressize)
 {
        struct cmdline_token_ipaddr *tk2 = (struct cmdline_token_ipaddr *)tk;
        unsigned int token_len = 0;
@@ -299,6 +300,9 @@ cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
        char *prefix, *prefix_end;
        long prefixlen;
 
+       if (res && ressize < sizeof(cmdline_ipaddr_t))
+               return -1;
+
        /* if token is too big... */
        token_len = snprintf(ip_str, sizeof(ip_str), "%s", buf);
        if (token_len >= sizeof(ip_str))