From 62c0ac412468732d1918df633ecd96fc1f9f1a9c Mon Sep 17 00:00:00 2001
From: Simon Arlott
Date: Sun, 25 Jun 2017 19:48:49 +0100
Subject: [PATCH] ircd: s_conf: fix use of strlcpy in strip_tabs
strlcpy should be called with the size of the destination buffer, not the length of the source string. When the source is an empty string, the destination buffer isn't written at all, resulting in it trying to output uninitialised data. This could also cause a buffer overflow on very long invalid config lines.
---
 src/s_conf.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/s_conf.c b/src/s_conf.c
index dde9a67f..1141b818 100644
--- a/src/s_conf.c
+++ b/src/s_conf.c
@@ -1616,15 +1616,15 @@ conf_add_d_conf(struct ConfItem *aconf)
 }
 }
-static char *
-strip_tabs(char *dest, const char *src, size_t len)
+static void
+strip_tabs(char *dest, const char *src, size_t size)
 {
 char *d = dest;
 if(dest == NULL || src == NULL)
- return NULL;
+ return;
- rb_strlcpy(dest, src, len);
+ rb_strlcpy(dest, src, size);
 while(*d)
 {
@@ -1632,7 +1632,6 @@ strip_tabs(char *dest, const char *src, size_t len)
 *d = ' ';
 d++;
 }
- return dest;
 }
 /*
@@ -1647,7 +1646,7 @@ yyerror(const char *msg)
 {
 char newlinebuf[BUFSIZE];
- strip_tabs(newlinebuf, yy_linebuf, strlen(yy_linebuf));
+ strip_tabs(newlinebuf, yy_linebuf, sizeof(newlinebuf));
 ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf);
 sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'",
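Review bot: The early return in `strip_tabs` still leaves `dest` unwritten when `src` is NULL (and likewise if `size` is 0, assuming `rb_strlcpy` then writes nothing), and now that the function returns void the caller has no way to detect it. `yyerror` in the last hunk hands `newlinebuf` to `ierror` under `%s` unconditionally, so that path would be the same uninitialised read this commit sets out to fix; whether `yy_linebuf` can ever be NULL is not visible here. Terminating the buffer on the failure path closes it: `if(dest == NULL || size == 0) return;` followed by `if(src == NULL) { *dest = '\0'; return; }`. A short comment above the function, e.g. `/* size is the capacity of dest, not strlen(src); output is truncated to fit */`, would record the contract the old call site got wrong. The `while(*d)` loop runs past the end of this hunk.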