From 5baa4ad21aad5303d1cc8cb737f9366e6ead6da3 Mon Sep 17 00:00:00 2001
From: QuanTech0 <1337h4x0rname@gmail.com>
Date: Tue, 29 Aug 2017 21:28:46 -0400
Subject: [PATCH] fix buffer overflow in opt_meth_setoption PoC trigger: c=socket.connect('google.com',80) c.setoption(c,'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')
---
 src/options.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/options.c b/src/options.c
index 20f4c28..36fb6ec 100644
--- a/src/options.c
+++ b/src/options.c
@@ -3,6 +3,7 @@
 * LuaSocket toolkit
 \*=========================================================================*/
 #include
+#include
 #include "lauxlib.h"
@@ -37,9 +38,10 @@ int opt_meth_setoption(lua_State *L, p_opt opt, p_socket ps)
 while (opt->name && strcmp(name, opt->name))
 opt++;
 if (!opt->func) {
- char msg[45];
+ char* msg = malloc(30+strlen(name));
 sprintf(msg, "unsupported option `%.35s'", name);
 luaL_argerror(L, 2, msg);
+ free(msg);
 }
 return opt->func(L, ps);
 }
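Review bot: `free(msg)` in the `if (!opt->func)` branch is never reached, because `luaL_argerror` raises a Lua error and does not return, so every call with an unsupported option name leaks the `malloc`'d buffer; the `malloc` result is also handed to `sprintf` without a NULL check. Because the format already caps the name with `%.35s`, the message has a fixed upper bound (20 bytes of prefix, 35 of name, the closing quote and the terminator, 57 in all), so a stack buffer is enough: `char msg[64];` followed by `snprintf(msg, sizeof msg, ...)` with the same format string, which also makes the `stdlib.h` include added in the first hunk unnecessary. As written, the leak is reachable from any script that passes an unknown option name, so it can accumulate in a long-running process. The start of `opt_meth_setoption`, where `name` is obtained, lies outside the hunk.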