Make sure MAXTOKENS being exceeded can't cause a buffer overflow.

1 files changed, 3 insertions, 0 deletions

diff --git a/blabouncer.c b/blabouncer.c
index f8671f5..e958828 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -606,6 +606,7 @@ int joinautochannels(SSL *server_ssl, struct client *clients, struct settings *s
   // Split on commas
   while ((token = strsep(&strcopy, ",")) != NULL) {
     if (*token  == '\0') continue; // Skip consecutive matches
+    if (counter >= MAXAUTOCHANLEN) break; // Too many tokens
     printf("  >> Auto channel: '%s', length '%ld'.\n", token, strlen(token));
     // Copy into the token array (strlen + 1 to get the NULL terminator)
     strncpy(tokens[counter], token, strlen(token) + 1);
@@ -701,6 +702,7 @@ int processircmessage(SSL *server_ssl, char *str, int source, struct client *cli
 
   while ((token = strsep(&strcopy, " ")) != NULL) {
     if (*token  == '\0') continue; // Skip consecutive matches
+    if (counter >= MAXTOKENS) break; // Too many tokens
     printf("  >> Message Token: \"%s\", length %zd.\n", token, strlen(token));
     // Copy into the token array (strlen + 1 to get the NULL terminator)
     strncpy(tokens[counter], token, strlen(token) + 1);
@@ -1892,6 +1894,7 @@ int processrawstring(SSL *server_ssl, char *str, int source, struct client *clie
 
   while ((token = strsep(&strcopy, "\r\n")) != NULL) {
     if (*token == '\0') continue; // Skip consecutive matches
+    if (counter >= MAXTOKENS) break; // Too many tokens
     printf("String Token: \"%s\", length %zd.\n", token, strlen(token));
     // Copy into the token array (strlen + 1 to get the NULL terminator)
     strncpy(messages[messagecount], token, strlen(token) + 1);