From: Pekka Riikonen <priikone@silcnet.org>
Date: Fri, 8 Jun 2007 20:38:16 +0000 (+0000)
Subject: 	Fixed MIME multipart decoding buffer overflow.  Thanks to Matt
X-Git-Tag: 1.2.beta4~12^2~136
X-Git-Url: http://git.silcnet.org/gitweb/?a=commitdiff_plain;h=dc83071541f10ae9eb3e617bb9454efe710be869;p=runtime.git

	Fixed MIME multipart decoding buffer overflow.  Thanks to Matt
	Miller for patch.
---

diff --git a/lib/silcutil/silcmime.c b/lib/silcutil/silcmime.c
index f719e779..b551b3bd 100644
--- a/lib/silcutil/silcmime.c
+++ b/lib/silcutil/silcmime.c
@@ -198,6 +198,7 @@ SilcMime silc_mime_decode(SilcMime mime, const unsigned char *data,
   if (field && strstr(field, "multipart")) {
     char b[1024];
     SilcMime p;
+    unsigned int len;
 
     mime->multiparts = silc_dlist_init();
     if (!mime->multiparts)
@@ -213,7 +214,10 @@ SilcMime silc_mime_decode(SilcMime mime, const unsigned char *data,
     if (!strchr(field, ';'))
       goto err;
     memset(b, 0, sizeof(b));
-    strncat(b, value, strchr(field, ';') - value);
+    len = strchr(field, ';') - value;
+    if (len > sizeof(b) - 1)
+      goto err;
+    strncpy(b, value, len);
     if (strchr(b, '"'))
       *strchr(b, '"') = '\0';
     mime->multitype = silc_memdup(b, strlen(b));