Patch accepted, with one change
> snprintf(daemon->namebuff+oldlen, sizeof(daemon->namebuff)-oldlen,
daemon->namebuff is a char *, so sizeof(daemon->namebuff) is 4 or 8 and
sizeof(daemon->namebuff)-oldlen is a negative number which is a large
positive number when promoted to unsigned size_t. There's thus
effectively no protection here against buffer overflow.
In such ways are security CVEs seeded :)
I changed sizeof(daemon->namebuff) to (MAXDNAME-1) which is the
buffer-size limit used elsewhere in this code.
Dnsmasq-discuss mailing list
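
The sizeof-on-a-pointer bound discussed in the message above, next to a bound taken from an explicit limit, as an added example (not code from the patch or from dnsmasq). The struct daemon_like type, the helper names and the MAXDNAME value of 1025 are assumptions made for the example; the limit-based helper also returns 0 rather than wrapping when oldlen has already reached the limit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXDNAME 1025 /* assumed value for this example */

struct daemon_like { char *namebuff; }; /* hypothetical stand-in for the daemon struct */

/* Bound as in the quoted line: sizeof of a char * member is the pointer
   size (4 or 8), so the unsigned subtraction wraps once oldlen exceeds it. */
static size_t bound_sizeof_pointer(const struct daemon_like *d, size_t oldlen)
{
    return sizeof(d->namebuff) - oldlen;
}

/* Bound from the explicit limit; 0 instead of wrapping when oldlen is at the limit. */
static size_t bound_from_limit(size_t oldlen)
{
    return oldlen < MAXDNAME - 1 ? (size_t)(MAXDNAME - 1) - oldlen : 0;
}

/* Constructed demo: a buffer already holding oldlen bytes (oldlen < MAXDNAME) gets a
   63-byte suffix appended. Returns the final length, or (size_t)-1 if no room was left. */
static size_t demo_append(size_t oldlen)
{
    struct daemon_like d = { calloc(MAXDNAME, 1) };
    char suffix[64];
    size_t room = bound_from_limit(oldlen), len = (size_t)-1;
    if (!d.namebuff)
        return len;
    memset(d.namebuff, 'a', oldlen);          /* existing content */
    memset(suffix, 'b', sizeof(suffix) - 1);  /* oversized data to append */
    suffix[sizeof(suffix) - 1] = '\0';
    if (room > 0) {
        snprintf(d.namebuff + oldlen, room, "%s", suffix); /* truncates, NUL-terminates */
        len = strlen(d.namebuff);
    }
    free(d.namebuff);
    return len;
}

int main(void)
{
    struct daemon_like d = { NULL };
    printf("sizeof-based bound at oldlen=1000: %zu\n", bound_sizeof_pointer(&d, 1000));
    printf("limit-based bound at oldlen=1000:  %zu\n", bound_from_limit(1000));
    printf("length after bounded append:       %zu\n", demo_append(1000));
    return 0;
}
```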