authorHaruna <haru@dotalux.com>2014-11-02 19:54:37 +0100
committerHaruna <haru@dotalux.com>2014-11-02 19:54:37 +0100
commitce3f4bfbe016ea69c855146667ba9bd9e0e2e221 (patch)
tree38036b518f7eed82d9a1cbfd2691dc22481599ea
parent134a4bae206a9c14f7da86095b5555b91ace3035 (diff)
parentf4171298280710e8251c50e453da28791b8d9e75 (diff)
Merge pull request #379 from 4144/irccrash
Fix possible buffer overflow in irc channel name parsing.
-rw-r--r--src/map/clif.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/map/clif.c b/src/map/clif.c
index b9cd4cbaf..a93bf0802 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -2703,14 +2703,15 @@ void read_channels_config(void) {
} else {
unsigned char d = 0, dlen = strlen(irc_server);
char server[40];
-
+ if (dlen > 39)
+ dlen = 39;
memset(server, '\0', sizeof(server));
for(d = 0; d < dlen; d++) {
if(irc_server[d] == ':') {
memcpy(server, irc_server, d);
safestrncpy(hChSys.irc_server, server, 40);
- memcpy(server, &irc_server[d+1], dlen);
+ memcpy(server, &irc_server[d+1], dlen - d - 1);
hChSys.irc_server_port = atoi(server);
break;
}
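Review bot: The second `memcpy` from `&irc_server[d+1]` writes the port digits into a `server` buffer that still holds the host bytes from the first copy, so when the host is longer than the port and has a digit at that offset (an IPv4 literal, for example) `atoi(server)` reads the leftover host digits as part of the port. Clearing the buffer right before that copy, `memset(server, '\0', sizeof(server));`, removes the stale bytes. Separately, `dlen` is declared `unsigned char`, so a `strlen` result of 256 or more wraps before the new `if (dlen > 39)` clamp sees it; the copies stay bounded, but the string is then scanned at the wrong length, and `size_t dlen = strlen(irc_server);` would avoid that. The body of read_channels_config starts and continues outside this hunk, so the declared size of `irc_server` and of `hChSys.irc_server` could not be checked here.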