ircd: substitution: fix NULL termination buffer overrun when the output is too large for the buffer
This commit is contained in:
parent
1dfb080874
commit
fb81421fc7
1 changed files with 4 additions and 1 deletions
|
@ -140,8 +140,11 @@ char *substitution_parse(const char *fmt, rb_dlink_list *varlist)
|
||||||
|
|
||||||
if (!rb_strcasecmp(varname, val->name))
|
if (!rb_strcasecmp(varname, val->name))
|
||||||
{
|
{
|
||||||
rb_strlcpy(bptr, val->value, BUFSIZE - (bptr - buf));
|
rb_strlcpy(bptr, val->value, sizeof(buf) - (bptr - buf));
|
||||||
bptr += strlen(val->value);
|
bptr += strlen(val->value);
|
||||||
|
if (bptr >= &buf[sizeof(buf)]) {
|
||||||
|
bptr = &buf[sizeof(buf) - 1];
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue