author | Luke Bratch <luke@bratch.co.uk> | 2019-05-27 17:25:34 +0100 |
---|---|---|
committer | Luke Bratch <luke@bratch.co.uk> | 2019-05-27 17:25:34 +0100 |
commit | 55f0010f89fe62928b8aef29bfbf73407380ad69 (patch) | |
tree | 03df615aeaa0a85922a510fe9470c06ee3f3366c /blabouncer.c | |
parent | 3c60bbdb928da1ebcec9153fb199ad740ad41856 (diff) |
Make sure MAXTOKENS being exceeded can't cause a buffer overflow.
Diffstat (limited to 'blabouncer.c')
-rw-r--r-- | blabouncer.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/blabouncer.c b/blabouncer.c
index f8671f5..e958828 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -606,6 +606,7 @@ int joinautochannels(SSL *server_ssl, struct client *clients, struct settings *s
 // Split on commas
 while ((token = strsep(&strcopy, ",")) != NULL) {
 if (*token == '\0') continue; // Skip consecutive matches
+ if (counter >= MAXAUTOCHANLEN) break; // Too many tokens
 printf(" >> Auto channel: '%s', length '%ld'.\n", token, strlen(token));
 // Copy into the token array (strlen + 1 to get the NULL terminator)
 strncpy(tokens[counter], token, strlen(token) + 1);
@@ -701,6 +702,7 @@ int processircmessage(SSL *server_ssl, char *str, int source, struct client *cli
 while ((token = strsep(&strcopy, " ")) != NULL) {
 if (*token == '\0') continue; // Skip consecutive matches
+ if (counter >= MAXTOKENS) break; // Too many tokens
 printf(" >> Message Token: \"%s\", length %zd.\n", token, strlen(token));
 // Copy into the token array (strlen + 1 to get the NULL terminator)
 strncpy(tokens[counter], token, strlen(token) + 1);
@@ -1892,6 +1894,7 @@ int processrawstring(SSL *server_ssl, char *str, int source, struct client *clie
 while ((token = strsep(&strcopy, "\r\n")) != NULL) {
 if (*token == '\0') continue; // Skip consecutive matches
+ if (counter >= MAXTOKENS) break; // Too many tokens
 printf("String Token: \"%s\", length %zd.\n", token, strlen(token));
 // Copy into the token array (strlen + 1 to get the NULL terminator)
 strncpy(messages[messagecount], token, strlen(token) + 1);
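Review bot: The new guard in joinautochannels compares `counter` with `MAXAUTOCHANLEN`, which by its name reads like a length limit for the auto-channel string rather than the number of rows in `tokens`, while the commit message and the other two hunks speak of `MAXTOKENS`. The declaration of `tokens` is outside the hunk (the function starts and ends outside it), so this needs confirming: if the first dimension is sized by a different constant, the guard should use that one, or, if `tokens` is a local array, derive the limit from it with `if (counter >= (int)(sizeof tokens / sizeof tokens[0])) break;`. The `break` also drops the remaining channels silently; a log line on that path would tell an operator that the configured list was truncated.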
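Review bot: `strncpy(tokens[counter], token, strlen(token) + 1)` in processircmessage takes its bound from the source string, so it behaves like `strcpy`, and a token longer than one row of `tokens` would still write past that row; the added count check does not cover this. Whether a token can exceed the row width depends on declarations outside the hunk (the function starts and ends outside it), so it should be checked against the maximum size of `str`. A copy bounded by the destination, such as `snprintf(tokens[counter], sizeof tokens[counter], "%s", token);`, stays safe either way, provided `tokens` is a true two-dimensional array. The same copy appears in the joinautochannels and processrawstring hunks.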
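Review bot: In processrawstring the added check tests `counter`, but the array written three lines later is indexed by `messagecount` (`messages[messagecount]`). Unless `counter` advances in step with `messagecount` somewhere outside the hunk, the guard never limits the write it is meant to protect. The check should use the index that is actually written and the row count of `messages`, for example `if (messagecount >= MAXTOKENS) break; // Too many messages`, assuming `messages` is declared with `MAXTOKENS` rows (its declaration is not visible here). Since `str` arrives from the network, this path is worth exercising with an input holding more than `MAXTOKENS` CR/LF-separated lines. The function starts and ends outside the hunk.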