CVE-2020-25887: Buffer overflow in mg_resolve_from_hosts_file function · Issue #1140 · cesanta/mongoose
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
Buffer overflow in mg_resolve_from_hosts_file function (line 124) in mongoose/src/mg_resolv.c in Mongoose 6.18, where sscanf copies data from p to alias without limiting the size of the copied data not to exceed the alias array size, which is 256. Note that p can be up to 1024 (minus the IP digits) and is copied from a tainted file. This bug can be triggered by a malformed hosts file that includes a hostname that is larger than 256.
One way to fix this bug is by adding the format width specifier:
for (p = line + len; sscanf(p, "%255s%n", alias, &len) == 1; p += len) {
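The bounded loop can be exercised against an oversized hostname. This is an added example, not code from the issue or from Mongoose; `line_has_alias`, `build_long_line`, and the sample lines are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ALIAS_SIZE 256 /* same size as the alias array described in the issue */

/* Hypothetical stand-in for the alias loop: scans one hosts-file line and
 * returns 1 if `name` appears as an alias, 0 otherwise. *max_len receives
 * the length of the longest token written into alias[]. */
static int line_has_alias(const char *line, const char *name, size_t *max_len) {
  char alias[ALIAS_SIZE];
  unsigned int a, b, c, d;
  int len = 0;
  const char *p;

  *max_len = 0;
  if (line[0] == '#') return 0; /* comment line */
  if (sscanf(line, "%u.%u.%u.%u%n", &a, &b, &c, &d, &len) != 4) return 0;

  /* %255s stores at most 255 characters plus the terminating NUL. */
  for (p = line + len; sscanf(p, "%255s%n", alias, &len) == 1; p += len) {
    size_t n = strlen(alias);
    if (n > *max_len) *max_len = n;
    if (strcmp(alias, name) == 0) return 1;
  }
  return 0;
}

/* Constructed sample: "127.0.0.1 " followed by a 600-character hostname. */
static void build_long_line(char *out, size_t out_size) {
  size_t off = (size_t) snprintf(out, out_size, "127.0.0.1 ");
  memset(out + off, 'A', 600);
  out[off + 600] = '\n';
  out[off + 601] = '\0';
}

int main(void) {
  char line[1024]; /* same line buffer size as described in the issue */
  size_t max_len;
  int hit;

  build_long_line(line, sizeof(line));
  hit = line_has_alias(line, "localhost", &max_len);
  printf("oversized name: match=%d longest token=%zu\n", hit, max_len);
  hit = line_has_alias("127.0.0.1 localhost myhost\n", "myhost", &max_len);
  printf("normal line:    match=%d longest token=%zu\n", hit, max_len);
  return 0;
}
```

With the width specifier the 600-character name is not rejected; it is consumed as successive tokens of at most 255 characters, each of which fits in `alias`.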