From 1e7a73b2c7de8ff6f277de6ddb4ca8ad98a110d1 Mon Sep 17 00:00:00 2001
From: Jonathan G Rennison
Date: Sat, 11 Apr 2020 00:57:46 +0100
Subject: [PATCH] Win32: Check for buffer overrun when calling WSAIoctl/SIO_GET_INTERFACE_LIST
This has been observed on Wine
---
 src/network/core/host.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/network/core/host.cpp b/src/network/core/host.cpp
index bcb048e474..c42bd70428 100644
--- a/src/network/core/host.cpp
+++ b/src/network/core/host.cpp
@@ -110,7 +110,7 @@ static void NetworkFindBroadcastIPsInternal(NetworkAddressList *broadcast) // Wi
 if (sock == INVALID_SOCKET) return;
 DWORD len = 0;
- int num = 2;
+ int num = 8;
 INTERFACE_INFO *ifo = CallocT(num);
 for (;;) {
@@ -123,6 +123,7 @@ static void NetworkFindBroadcastIPsInternal(NetworkAddressList *broadcast) // Wi
 num *= 2;
 ifo = CallocT(num);
 }
+ assert(len <= num * sizeof(*ifo));
 for (uint j = 0; j < len / sizeof(*ifo); j++) {
 if (ifo[j].iiFlags & IFF_LOOPBACK) continue;
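Review bot: The added `assert(len <= num * sizeof(*ifo));` in the second hunk is a debug-only check. In any build where asserts are compiled out, the loop that follows still derives its bound from `len` alone and can index `ifo[j]` past the `num` elements that were allocated. The assert also runs after the call that fills the buffer, so it can only report an oversized `len`, not prevent whatever that call already did. That call is not visible in the hunk, and the function body starts and ends outside it. I would make the check a runtime one that holds in every build, for example `if (len > num * sizeof(*ifo)) len = num * sizeof(*ifo);` before the loop, or treat the condition as a failure and take the function's existing error exit. A short comment such as `// Some implementations (seen on Wine) report more bytes than the buffer holds` would record why the check exists.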