From 561441320f0cb67ea97f81c59332da5c6d14b494 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 3 May 2017 22:54:09 +0100
Subject: [PATCH] Fix a couple of crashes on malformed config files.

Thanks to Stephan Zeisberg and
american fuzzy lop http://lcamtuf.coredump.cx/afl/
---
 src/option.c | 5 ++++-
 src/util.c   | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/option.c b/src/option.c
index 81c2ae6..064ef62 100644
--- a/src/option.c
+++ b/src/option.c
@@ -3848,9 +3848,12 @@ err:
 	while (arg != last)
 	  {
 	    alias = canonicalise_opt(arg);
+
+	    if (!alias || !target)
+	      ret_err(_("bad CNAME"));
 	    
 	    for (new = daemon->cnames; new; new = new->next)
-	      if (hostname_isequal(new->alias, arg))
+	      if (hostname_isequal(new->alias, alias))
 		ret_err(_("duplicate CNAME"));
 	    new = opt_malloc(sizeof(struct cname));
 	    new->next = daemon->cnames;
diff --git a/src/util.c b/src/util.c
index 987a259..74e6ec6 100644
--- a/src/util.c
+++ b/src/util.c
@@ -503,7 +503,8 @@ int parse_hex(char *in, unsigned char *out, int maxlen,
 			return -1;
 		      out[i] = strtol(&in[j*2], NULL, 16);
 		      mask = mask << 1;
-		      i++;
+		      if (i++ == maxlen)
+			break; 
 		      if (j < bytes - 1)
 			in[(j+1)*2] = sav;
 		    }