llmnr-query: Fix missing NULL byte

If the domain name in the response is <len> <octets> <00>, the code copies 'len' octets to name[], but does not add a terminating NULL character. The same may happen in the "compression" case. Fix this by adding a NULL byte in both cases. Patch constributed by @tbetker. Fixes #22 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
tklauser · Feb 28, 2017 · 29deb4c · 29deb4c
1 parent b7a77aa
commit 29deb4c
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/llmnr-query.c b/llmnr-query.c
@@ -344,12 +344,13 @@ int main(int argc, char **argv)
 					if (ptr < p->size - 1) {
 						uint8_t nnl = p->data[ptr];
 						strncpy(name, (char *)&p->data[ptr + 1], nnl);
+						name[nnl] = '\0';
 					} else
 						strncpy(name, "<invalid>", LLMNR_LABEL_MAX_SIZE);
-				} else
+				} else {
 					strncpy(name, (char *)pkt_put(p, nl + 1), nl);
-
-				name[LLMNR_LABEL_MAX_SIZE] = '\0';
+					name[nl] = '\0';
+				}
 
 				type = htons(pkt_put_extract_u16(p));
 				clss = htons(pkt_put_extract_u16(p));