Fix possible buffer overflow in irc channel name parsing.

author: Andrei Karas <akaras@inbox.ru> 2014-10-29 21:00:13 +0300
committer: Andrei Karas <akaras@inbox.ru> 2014-10-31 11:27:09 +0300
commit: f4171298280710e8251c50e453da28791b8d9e75 (patch)
tree: ae86ab72a2db24de4e5bbc7fca9c005d7f10746d /src/map
parent: c5173e0a294b653d0781851e6bb1d09d54cc6085 (diff)
download: hercules-f4171298280710e8251c50e453da28791b8d9e75.tar.gz
hercules-f4171298280710e8251c50e453da28791b8d9e75.tar.bz2
hercules-f4171298280710e8251c50e453da28791b8d9e75.tar.xz
hercules-f4171298280710e8251c50e453da28791b8d9e75.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/src/map/clif.c b/src/map/clif.c
index b9cd4cbaf..a93bf0802 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -2703,14 +2703,15 @@ void read_channels_config(void) {
 				} else {
 					unsigned char d = 0, dlen = strlen(irc_server);
 					char server[40];
-
+					if (dlen > 39)
+						dlen = 39;
 					memset(server, '\0', sizeof(server));
 
 					for(d = 0; d < dlen; d++) {
 						if(irc_server[d] == ':') {
 							memcpy(server, irc_server, d);
 							safestrncpy(hChSys.irc_server, server, 40);
-							memcpy(server, &irc_server[d+1], dlen);
+							memcpy(server, &irc_server[d+1], dlen - d - 1);
 							hChSys.irc_server_port = atoi(server);
 							break;
 						}
author	Andrei Karas <akaras@inbox.ru>	2014-10-29 21:00:13 +0300
committer	Andrei Karas <akaras@inbox.ru>	2014-10-31 11:27:09 +0300
commit	f4171298280710e8251c50e453da28791b8d9e75 (patch)
tree	ae86ab72a2db24de4e5bbc7fca9c005d7f10746d /src/map
parent	c5173e0a294b653d0781851e6bb1d09d54cc6085 (diff)
download	hercules-f4171298280710e8251c50e453da28791b8d9e75.tar.gz hercules-f4171298280710e8251c50e453da28791b8d9e75.tar.bz2 hercules-f4171298280710e8251c50e453da28791b8d9e75.tar.xz hercules-f4171298280710e8251c50e453da28791b8d9e75.zip