diff options
author | Luke Bratch <luke@bratch.co.uk> | 2019-09-06 20:10:17 +0100 |
---|---|---|
committer | Luke Bratch <luke@bratch.co.uk> | 2019-09-06 20:10:17 +0100 |
commit | a61ba3d2b90dcbb689b312be0458651488a8f826 (patch) | |
tree | db00fa3e056e5ade7889a057ebe34237593dd282 /blabouncer.c | |
parent | ab87103cdd2971e671fb577d40073cd3837ed32b (diff) |
Change how the received client string length check is done before stripping newlines to avoid a potential buffer underflow.
Diffstat (limited to 'blabouncer.c')
-rw-r--r-- | blabouncer.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/blabouncer.c b/blabouncer.c index ecd8d00..e0c41f8 100644 --- a/blabouncer.c +++ b/blabouncer.c @@ -826,10 +826,8 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) { clientbuf[clientnumbytes] = '\0'; // TODO make sure this can't overrun if some super long line (max bytes?) was received // clear up any newlines - TODO - Should we be doing this? If not, we can stop only doing truncation checks for the server in processrawstring(). // Only check for newlines if the string length is at least one! - if (strlen(clientbuf) > 0) { - while (clientbuf[strlen(clientbuf) - 1] == '\n' || clientbuf[strlen(clientbuf) - 1] == '\r') { - clientbuf[strlen(clientbuf) - 1] = '\0'; - } + while (strlen(clientbuf) > 0 && (clientbuf[strlen(clientbuf) - 1] == '\n' || clientbuf[strlen(clientbuf) - 1] == '\r')) { + clientbuf[strlen(clientbuf) - 1] = '\0'; } debugprint(DEBUG_SOME, "BOUNCER-CLIENT RECEIVED: '%s'\n", clientbuf); |