ircd: s_conf: fix use of strlcpy in strip_tabs

strlcpy should be called with the size of the destination buffer, not
the length of the source string.

When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.

This could also cause a buffer overflow on very long invalid config
lines.
This commit is contained in:
Simon Arlott 2017-06-25 19:48:49 +01:00
parent 789bb31c92
commit 62c0ac4124
No known key found for this signature in database
GPG key ID: C8975F2043CA5D24

View file

@ -1616,15 +1616,15 @@ conf_add_d_conf(struct ConfItem *aconf)
} }
} }
static char * static void
strip_tabs(char *dest, const char *src, size_t len) strip_tabs(char *dest, const char *src, size_t size)
{ {
char *d = dest; char *d = dest;
if(dest == NULL || src == NULL) if(dest == NULL || src == NULL)
return NULL; return;
rb_strlcpy(dest, src, len); rb_strlcpy(dest, src, size);
while(*d) while(*d)
{ {
@ -1632,7 +1632,6 @@ strip_tabs(char *dest, const char *src, size_t len)
*d = ' '; *d = ' ';
d++; d++;
} }
return dest;
} }
/* /*
@ -1647,7 +1646,7 @@ yyerror(const char *msg)
{ {
char newlinebuf[BUFSIZE]; char newlinebuf[BUFSIZE];
strip_tabs(newlinebuf, yy_linebuf, strlen(yy_linebuf)); strip_tabs(newlinebuf, yy_linebuf, sizeof(newlinebuf));
ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf);
sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'", sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'",