ircd: s_conf: fix use of strlcpy in strip_tabs
strlcpy should be called with the size of the destination buffer, not the length of the source string. When the source is an empty string, the destination buffer isn't written at all, resulting in it trying to output uninitialised data. This could also cause a buffer overflow on very long invalid config lines.
This commit is contained in:
parent
789bb31c92
commit
62c0ac4124
1 changed files with 5 additions and 6 deletions
11
src/s_conf.c
11
src/s_conf.c
|
@ -1616,15 +1616,15 @@ conf_add_d_conf(struct ConfItem *aconf)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static char *
|
static void
|
||||||
strip_tabs(char *dest, const char *src, size_t len)
|
strip_tabs(char *dest, const char *src, size_t size)
|
||||||
{
|
{
|
||||||
char *d = dest;
|
char *d = dest;
|
||||||
|
|
||||||
if(dest == NULL || src == NULL)
|
if(dest == NULL || src == NULL)
|
||||||
return NULL;
|
return;
|
||||||
|
|
||||||
rb_strlcpy(dest, src, len);
|
rb_strlcpy(dest, src, size);
|
||||||
|
|
||||||
while(*d)
|
while(*d)
|
||||||
{
|
{
|
||||||
|
@ -1632,7 +1632,6 @@ strip_tabs(char *dest, const char *src, size_t len)
|
||||||
*d = ' ';
|
*d = ' ';
|
||||||
d++;
|
d++;
|
||||||
}
|
}
|
||||||
return dest;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1647,7 +1646,7 @@ yyerror(const char *msg)
|
||||||
{
|
{
|
||||||
char newlinebuf[BUFSIZE];
|
char newlinebuf[BUFSIZE];
|
||||||
|
|
||||||
strip_tabs(newlinebuf, yy_linebuf, strlen(yy_linebuf));
|
strip_tabs(newlinebuf, yy_linebuf, sizeof(newlinebuf));
|
||||||
|
|
||||||
ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf);
|
ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf);
|
||||||
sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'",
|
sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'",
|
||||||
|
|
Loading…
Reference in a new issue