author | Haruna <haru@dotalux.com> | 2014-11-02 19:54:37 +0100 |
---|---|---|
committer | Haruna <haru@dotalux.com> | 2014-11-02 19:54:37 +0100 |
commit | ce3f4bfbe016ea69c855146667ba9bd9e0e2e221 (patch) | |
tree | 38036b518f7eed82d9a1cbfd2691dc22481599ea /src/map | |
parent | 134a4bae206a9c14f7da86095b5555b91ace3035 (diff) | |
parent | f4171298280710e8251c50e453da28791b8d9e75 (diff) | |
Merge pull request #379 from 4144/irccrash
Fix possible buffer overflow in irc channel name parsing.
Diffstat (limited to 'src/map')
-rw-r--r-- | src/map/clif.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/map/clif.c b/src/map/clif.c
index b9cd4cbaf..a93bf0802 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -2703,14 +2703,15 @@ void read_channels_config(void) {
 } else {
 unsigned char d = 0, dlen = strlen(irc_server);
 char server[40];
-
+ if (dlen > 39)
+ dlen = 39;
 memset(server, '\0', sizeof(server));
 for(d = 0; d < dlen; d++) {
 if(irc_server[d] == ':') {
 memcpy(server, irc_server, d);
 safestrncpy(hChSys.irc_server, server, 40);
- memcpy(server, &irc_server[d+1], dlen);
+ memcpy(server, &irc_server[d+1], dlen - d - 1);
 hChSys.irc_server_port = atoi(server);
 break;
 } |
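Review bot: The port digits are now copied over the host bytes already in `server` without a terminator, so `atoi(server)` on the following line can read leftover host characters; the new `memcpy(server, &irc_server[d+1], dlen - d - 1)` stops before the NUL that the old over-long copy happened to bring along. When the leftover byte is a digit (a dotted numeric address whose host part is longer than the port, for example) the parsed port would be wrong. Parsing in place avoids the scratch copy: `hChSys.irc_server_port = atoi(&irc_server[d+1]);`, ideally replaced by `strtol` with a 1–65535 range check. Separately, `dlen` is an `unsigned char`, so `strlen(irc_server)` is truncated modulo 256 before the `dlen > 39` clamp runs; declaring it `size_t` would let the clamp see the real length. The body of `read_channels_config` starts and ends outside this hunk.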