From a61ba3d2b90dcbb689b312be0458651488a8f826 Mon Sep 17 00:00:00 2001
From: Luke Bratch
Date: Fri, 6 Sep 2019 20:10:17 +0100
Subject: Change how the received client string length check is done before stripping newlines to avoid a potential buffer underflow.
---
 blabouncer.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'blabouncer.c')
diff --git a/blabouncer.c b/blabouncer.c
index ecd8d00..e0c41f8 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -826,10 +826,8 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
 clientbuf[clientnumbytes] = '\0'; // TODO make sure this can't overrun if some super long line (max bytes?) was received
 // clear up any newlines - TODO - Should we be doing this? If not, we can stop only doing truncation checks for the server in processrawstring().
 // Only check for newlines if the string length is at least one!
- if (strlen(clientbuf) > 0) {
- while (clientbuf[strlen(clientbuf) - 1] == '\n' || clientbuf[strlen(clientbuf) - 1] == '\r') {
- clientbuf[strlen(clientbuf) - 1] = '\0';
- }
+ while (strlen(clientbuf) > 0 && (clientbuf[strlen(clientbuf) - 1] == '\n' || clientbuf[strlen(clientbuf) - 1] == '\r')) {
+ clientbuf[strlen(clientbuf) - 1] = '\0';
 }
 debugprint(DEBUG_SOME, "BOUNCER-CLIENT RECEIVED: '%s'\n", clientbuf);
-- 
cgit v1.2.3
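Review bot: The terminator write on the context line just above the loop, `clientbuf[clientnumbytes] = '\0';`, is still unguarded (its own TODO says as much), so this commit closes the underflow at the front of the buffer but not a possible out-of-bounds write at the other end. The receive call is outside the hunk, so it is not visible whether the read is capped at one byte less than the buffer or whether a negative return is rejected first; if neither holds, a check along the lines of `if (clientnumbytes < 0 || (size_t)clientnumbytes >= sizeof(clientbuf))` belongs before that line (assuming clientbuf is an array in this scope). In the new loop, strlen() is re-evaluated up to four times per pass; taking it once, `size_t len = strlen(clientbuf);` followed by `while (len > 0 && (clientbuf[len - 1] == '\n' || clientbuf[len - 1] == '\r')) clientbuf[--len] = '\0';`, keeps the same bound check and makes the index arithmetic easier to audit. dochat's body starts and ends outside the hunk.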