Change how the received client string length check is done before stripping newlines to avoid a potential buffer underflow.

author: Luke Bratch <luke@bratch.co.uk> 2019-09-06 20:10:17 +0100
committer: Luke Bratch <luke@bratch.co.uk> 2019-09-06 20:10:17 +0100
commit: a61ba3d2b90dcbb689b312be0458651488a8f826 (patch)
tree: db00fa3e056e5ade7889a057ebe34237593dd282 /blabouncer.c
parent: ab87103cdd2971e671fb577d40073cd3837ed32b (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/blabouncer.c b/blabouncer.c
index ecd8d00..e0c41f8 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -826,10 +826,8 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
             clientbuf[clientnumbytes] = '\0'; // TODO make sure this can't overrun if some super long line (max bytes?) was received
             // clear up any newlines - TODO - Should we be doing this?  If not, we can stop only doing truncation checks for the server in processrawstring().
             // Only check for newlines if the string length is at least one!
-            if (strlen(clientbuf) > 0) {
-              while (clientbuf[strlen(clientbuf) - 1] == '\n' || clientbuf[strlen(clientbuf) - 1] == '\r') {
-                clientbuf[strlen(clientbuf) - 1] = '\0';
-              }
+            while (strlen(clientbuf) > 0 && (clientbuf[strlen(clientbuf) - 1] == '\n' || clientbuf[strlen(clientbuf) - 1] == '\r')) {
+              clientbuf[strlen(clientbuf) - 1] = '\0';
             }
             debugprint(DEBUG_SOME, "BOUNCER-CLIENT RECEIVED: '%s'\n", clientbuf);
author	Luke Bratch <luke@bratch.co.uk>	2019-09-06 20:10:17 +0100
committer	Luke Bratch <luke@bratch.co.uk>	2019-09-06 20:10:17 +0100
commit	a61ba3d2b90dcbb689b312be0458651488a8f826 (patch)
tree	db00fa3e056e5ade7889a057ebe34237593dd282 /blabouncer.c
parent	ab87103cdd2971e671fb577d40073cd3837ed32b (diff)