From 539e3ee70a520b879226a80c60ad9b1b9f344bf2 Mon Sep 17 00:00:00 2001
From: Youfu Zhang <zhangyoufu@gmail.com>
Date: Tue, 2 May 2017 13:31:35 +0800
Subject: [PATCH] NUL-terminate gai->value for OPT_RESOLVE, fix out-of-bound
 read

Signed-off-by: Youfu Zhang <zhangyoufu@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---
 main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/main.c b/main.c
index 71be3031..2210bdf2 100644
--- a/main.c
+++ b/main.c
@@ -1174,7 +1174,7 @@ int main(int argc, char **argv)
 				fprintf(stderr, _("Missing colon in resolve option\n"));
 				exit(1);
 			}
-			gai = malloc(sizeof(*gai) + strlen(config_arg));
+			gai = malloc(sizeof(*gai) + strlen(config_arg) + 1);
 			if (!gai) {
 				fprintf(stderr, _("Failed to allocate memory\n"));
 				exit(1);
@@ -1182,7 +1182,7 @@ int main(int argc, char **argv)
 			gai->next = gai_overrides;
 			gai_overrides = gai;
 			gai->option = (void *)(gai + 1);
-			memcpy(gai->option, config_arg, strlen(config_arg));
+			memcpy(gai->option, config_arg, strlen(config_arg) + 1);
 			gai->option[ip - config_arg] = 0;
 			gai->value = gai->option + (ip - config_arg) + 1;
 			break;