From 234f576565b9841b0085cc33d7e727afcdd43571 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Fri, 9 Oct 2015 15:17:21 +0100
Subject: [PATCH] miniupnpc: quick fix for buffer overflow

http://talosintel.com/reports/TALOS-2015-0035/

reported by palexander on IRC
---
 external/miniupnpc/igd_desc_parse.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/external/miniupnpc/igd_desc_parse.c b/external/miniupnpc/igd_desc_parse.c
index 0eaf21b6..a4396623 100644
--- a/external/miniupnpc/igd_desc_parse.c
+++ b/external/miniupnpc/igd_desc_parse.c
@@ -15,6 +15,10 @@
 void IGDstartelt(void * d, const char * name, int l)
 {
 	struct IGDdatas * datas = (struct IGDdatas *)d;
+        if (l >= MINIUPNPC_URL_MAXSIZE) {
+          printf("Attempt to exploit miniupnpc buffer overflow\n");
+          l = MINIUPNPC_URL_MAXSIZE - 1;
+        }
 	memcpy( datas->cureltname, name, l);
 	datas->cureltname[l] = '\0';
 	datas->level++;