From ae85ea38581e97445622d2dad79cd09775cb201a Mon Sep 17 00:00:00 2001
From: Simon Kelley
Date: Thu, 21 Nov 2024 15:42:49 +0000
Subject: [PATCH] Fix buffer overflow when configured lease-change script name is too long.
Thanks to Daniel Rhea for finding this one.
Reference:https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=ae85ea38581e97445622d2dad79cd09775cb201a
Conflict:NA
---
 src/lease.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/lease.c b/src/lease.c
index 1a9f1c6..a944fbb 100644
--- a/src/lease.c
+++ b/src/lease.c
@@ -155,6 +155,10 @@ void lease_init(time_t now)
 #ifdef HAVE_SCRIPT
 if (daemon->lease_change_command)
 {
+ /* 6 == strlen(" init") plus terminator */
+ if (strlen(daemon->lease_change_command) + 6 > DHCP_BUFF_SZ)
+ die(_("lease-change script name is too long"), NULL, EC_FILE);
+
 strcpy(daemon->dhcp_buff, daemon->lease_change_command);
 strcat(daemon->dhcp_buff, " init");
 leasestream = popen(daemon->dhcp_buff, "r");
--
2.33.0
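Review bot: The new guard in lease_init() keeps its bound as a hand-counted `6` that must stay in step with the `" init"` literal passed to strcat() just below, and the unbounded strcpy()/strcat() pair is left in place, so the overflow protection holds only as long as nobody edits one without the other. Deriving the constant from the literal, `if (strlen(daemon->lease_change_command) + sizeof(" init") > DHCP_BUFF_SZ)`, or building the command with `snprintf(daemon->dhcp_buff, DHCP_BUFF_SZ, "%s init", daemon->lease_change_command)` and calling die() when the result is negative or `>= DHCP_BUFF_SZ`, would make the check self-enforcing. Both forms assume daemon->dhcp_buff is allocated with DHCP_BUFF_SZ bytes, which is not visible in this hunk and is worth confirming at the allocation site. lease_init() begins before and continues after the hunk.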