]> jfr.im git - irc/charybdis-ircd/charybdis.git/commitdiff
projects / irc / charybdis-ircd / charybdis.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: 1dfb080)
ircd: substitution: fix NULL termination buffer overrun when the output is too large...
authorSimon Arlott <sa.me.uk>
Thu, 27 Jul 2017 11:58:23 +0000 (12:58 +0100)
committerSimon Arlott <sa.me.uk>
Thu, 27 Jul 2017 17:31:07 +0000 (18:31 +0100)
ircd/substitution.c patch | blob | blame | history

diff --git a/ircd/substitution.c b/ircd/substitution.c
index 4396c2b139332609f4bfbfb51b46d6499096eca1..63d5f2f28a77d4ea436cc27c945386c0584b571b 100644 (file)
--- a/ircd/substitution.c
+++ b/ircd/substitution.c
@@ -140,8 +140,11 @@ char *substitution_parse(const char *fmt, rb_dlink_list *varlist)
 
                                if (!rb_strcasecmp(varname, val->name))
                                {
-                                       rb_strlcpy(bptr, val->value, BUFSIZE - (bptr - buf));
+                                       rb_strlcpy(bptr, val->value, sizeof(buf) - (bptr - buf));
                                        bptr += strlen(val->value);
+                                       if (bptr >= &buf[sizeof(buf)]) {
+                                               bptr = &buf[sizeof(buf) - 1];
+                                       }
                                        break;
                                }
                        }
Unnamed repository; edit this file 'description' to name the repository.