ircd: s_conf: fix use of strlcpy in strip_tabs

strlcpy should be called with the size of the destination buffer, not
the length of the source string.

When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.

This could also cause a buffer overflow on very long invalid config
lines.

diff --git a/ircd/s_conf.c b/ircd/s_conf.c
index f2685bcb1d62f90189ed0d75f755cde2796474d9..37478611572d19ac65530db376c96886e2c69be5 100644 (file)
--- a/ircd/s_conf.c
+++ b/ircd/s_conf.c
@@ -1615,15 +1615,15 @@ conf_add_d_conf(struct ConfItem *aconf)
        }
 }
 
-static char *
-strip_tabs(char *dest, const char *src, size_t len)
+static void
+strip_tabs(char *dest, const char *src, size_t size)
 {
        char *d = dest;
 
        if(dest == NULL || src == NULL)
-               return NULL;
+               return;
 
-       rb_strlcpy(dest, src, len);
+       rb_strlcpy(dest, src, size);
 
        while(*d)
        {
@@ -1631,7 +1631,6 @@ strip_tabs(char *dest, const char *src, size_t len)
                        *d = ' ';
                d++;
        }
-       return dest;
 }
 
 /*
@@ -1646,7 +1645,7 @@ yyerror(const char *msg)
 {
        char newlinebuf[BUFSIZE];
 
-       strip_tabs(newlinebuf, yy_linebuf, strlen(yy_linebuf));
+       strip_tabs(newlinebuf, yy_linebuf, sizeof(newlinebuf));
 
        ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf);
        sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'",