Fix buffer overflow when configured lease-change script name

is too long. Thanks to Daniel Rhea for finding this one.
2025-12-19 10:18:25 +00:00 · 2024-11-21 15:42:49 +00:00
parent b087cf4a6c
commit ae85ea3858
2 changed files with 8 additions and 0 deletions
--- a/src/lease.c
+++ b/src/lease.c
@@ -150,6 +150,10 @@ void lease_init(time_t now)
 #ifdef HAVE_SCRIPT
      if (daemon->lease_change_command)
 	{
+	  /* 6 == strlen(" init") plus terminator */
+	  if (strlen(daemon->lease_change_command) + 6 > DHCP_BUFF_SZ)
+	    die(_("lease-change script name is too long"), NULL, EC_FILE);
+	  
 	  strcpy(daemon->dhcp_buff, daemon->lease_change_command);
 	  strcat(daemon->dhcp_buff, " init");
 	  leasestream = popen(daemon->dhcp_buff, "r");