From cc451785fe4426566f6c4a6a5156d4fb40bcc22d Mon Sep 17 00:00:00 2001
From: Erik Kline <ek@google.com>
Date: Tue, 28 Jul 2015 17:31:19 +0900
Subject: [PATCH] Fix incorrectly sized buffer.

Also: use a more correct size type.

Bug: 21562630
Bug: 21764392
Bug: 22464419
Change-Id: I9a9cf64f0481670828fac707e00196e222d0311e
---
 libsysutils/src/NetlinkEvent.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libsysutils/src/NetlinkEvent.cpp b/libsysutils/src/NetlinkEvent.cpp
index 2347028b8..23dcd6273 100644
--- a/libsysutils/src/NetlinkEvent.cpp
+++ b/libsysutils/src/NetlinkEvent.cpp
@@ -463,19 +463,19 @@ bool NetlinkEvent::parseNdUserOptMessage(const struct nlmsghdr *nh) {
 
         // Construct "SERVERS=<comma-separated string of DNS addresses>".
         static const char kServerTag[] = "SERVERS=";
-        static const int kTagLength = strlen(kServerTag);
+        static const size_t kTagLength = strlen(kServerTag);
         // Reserve sufficient space for an IPv6 link-local address: all but the
         // last address are followed by ','; the last is followed by '\0'.
-        static const int kMaxSingleAddressLength =
+        static const size_t kMaxSingleAddressLength =
                 INET6_ADDRSTRLEN + strlen("%") + IFNAMSIZ + strlen(",");
-        const int bufsize = kTagLength + numaddrs * (INET6_ADDRSTRLEN + 1);
+        const size_t bufsize = kTagLength + numaddrs * kMaxSingleAddressLength;
         char *buf = (char *) malloc(bufsize);
         if (!buf) {
             SLOGE("RDNSS option: out of memory\n");
             return false;
         }
         strcpy(buf, kServerTag);
-        int pos = kTagLength;
+        size_t pos = kTagLength;
 
         struct in6_addr *addrs = (struct in6_addr *) (rndss_opt + 1);
         for (int i = 0; i < numaddrs; i++) {