Fixed CUMODE mode->mode character conversion buffer overflow.
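--- a/lib/silcutil/silcutil.c
+++ b/lib/silcutil/silcutil.c
@@ -653,11 +653,15 @@ char *silc_client_chmode(SilcUInt32 mode, const char *cipher, const char *hmac)
 if (mode & SILC_CHANNEL_MODE_SILENCE_OPERS)
 strncat(string, "M", 1);
- if (mode & SILC_CHANNEL_MODE_CIPHER)
- strncat(string, cipher, strlen(cipher));
+ if (mode & SILC_CHANNEL_MODE_CIPHER) {
+ if (strlen(cipher) + strlen(string) < sizeof(string))
+ strncat(string, cipher, strlen(cipher));
+ }
- if (mode & SILC_CHANNEL_MODE_HMAC)
- strncat(string, hmac, strlen(hmac));
+ if (mode & SILC_CHANNEL_MODE_HMAC) {
+ if (strlen(hmac) + strlen(string) < sizeof(string))
+ strncat(string, hmac, strlen(hmac));
+ }
 /* Rest of mode is ignored */
@@ -668,7 +672,7 @@ char *silc_client_chmode(SilcUInt32 mode, const char *cipher, const char *hmac)
 char *silc_client_chumode(SilcUInt32 mode)
 {
- char string[4];
+ char string[64];
 if (!mode)
 return NULL;
@@ -700,7 +704,7 @@ char *silc_client_chumode(SilcUInt32 mode)
 char *silc_client_chumode_char(SilcUInt32 mode)
 {
- char string[4];
+ char string[64];
 if (!mode)
 return NULL;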
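Review bot: In silc_client_chmode the new length checks are the only thing keeping the cipher and hmac names inside `string`, because the `strncat` calls they guard still pass `strlen(cipher)` / `strlen(hmac)` as the limit, which says nothing about the space left in the destination. Passing the remaining space instead, e.g. `strncat(string, cipher, sizeof(string) - strlen(string) - 1);`, would keep the append bounded even if the guard is later edited or the call is copied without it; the guard can stay so that an over-long name is dropped rather than truncated. The check also depends on `string` being a real array rather than a pointer, and its declaration is outside the hunk, as is the rest of all three function bodies. In silc_client_chumode and silc_client_chumode_char the overflow is closed only by raising `char string[4]` to `char string[64]`; if the appends there look like the `strncat(string, "M", 1)` calls visible in the first hunk, a comment next to the size such as `/* one char per CUMODE flag plus NUL; keep in sync with the flag list */` would tell maintainers why 64 is enough.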