From db4e276662010ccbacd5955f9e2c2582aed57a24 Mon Sep 17 00:00:00 2001
From: Darell Tan <darell.tan@gmail.com>
Date: Sun, 5 Nov 2017 00:02:07 +0800
Subject: [PATCH] Ensure sufficient buffer size when converting nlabels to
 string.

---
 mdns.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/mdns.c b/mdns.c
index 213ff1f..4781f1d 100644
--- a/mdns.c
+++ b/mdns.c
@@ -90,18 +90,26 @@ uint8_t *join_nlabel(const uint8_t *n1, const uint8_t *n2) {
 char *nlabel_to_str(const uint8_t *name) {
 	char *label, *labelp;
 	const uint8_t *p;
+	size_t buf_len = 256;
 
 	assert(name != NULL);
 
-	label = labelp = malloc(256);
+	label = labelp = malloc(buf_len);
 
 	for (p = name; *p; p++) {
-		strncpy(labelp, (char *) p + 1, *p);
-		labelp += *p;
+		uint8_t label_len = *p;
+		if (buf_len <= label_len)
+			break;
+
+		strncpy(labelp, (char *) p + 1, label_len);
+		labelp += label_len;
+
 		*labelp = '.';
 		labelp++;
 
-		p += *p;
+		buf_len -= label_len + 1;
+
+		p += label_len;
 	}
 
 	*labelp = '\0';