ircd: substitution: fix NULL termination buffer overrun when the output is too large for the buffer

This commit is contained in:
Simon Arlott 2017-07-27 12:58:23 +01:00
parent 1dfb080874
commit fb81421fc7
No known key found for this signature in database
GPG key ID: C8975F2043CA5D24

View file

@ -140,8 +140,11 @@ char *substitution_parse(const char *fmt, rb_dlink_list *varlist)
if (!rb_strcasecmp(varname, val->name)) if (!rb_strcasecmp(varname, val->name))
{ {
rb_strlcpy(bptr, val->value, BUFSIZE - (bptr - buf)); rb_strlcpy(bptr, val->value, sizeof(buf) - (bptr - buf));
bptr += strlen(val->value); bptr += strlen(val->value);
if (bptr >= &buf[sizeof(buf)]) {
bptr = &buf[sizeof(buf) - 1];
}
break; break;
} }
} }