From dc83071541f10ae9eb3e617bb9454efe710be869 Mon Sep 17 00:00:00 2001
From: Pekka Riikonen <priikone@silcnet.org>
Date: Fri, 8 Jun 2007 20:38:16 +0000
Subject: [PATCH] 	Fixed MIME multipart decoding buffer overflow.  Thanks
 to Matt 	Miller for patch.

---
 lib/silcutil/silcmime.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/silcutil/silcmime.c b/lib/silcutil/silcmime.c
index f719e779..b551b3bd 100644
--- a/lib/silcutil/silcmime.c
+++ b/lib/silcutil/silcmime.c
@@ -198,6 +198,7 @@ SilcMime silc_mime_decode(SilcMime mime, const unsigned char *data,
   if (field && strstr(field, "multipart")) {
     char b[1024];
     SilcMime p;
+    unsigned int len;
 
     mime->multiparts = silc_dlist_init();
     if (!mime->multiparts)
@@ -213,7 +214,10 @@ SilcMime silc_mime_decode(SilcMime mime, const unsigned char *data,
     if (!strchr(field, ';'))
       goto err;
     memset(b, 0, sizeof(b));
-    strncat(b, value, strchr(field, ';') - value);
+    len = strchr(field, ';') - value;
+    if (len > sizeof(b) - 1)
+      goto err;
+    strncpy(b, value, len);
     if (strchr(b, '"'))
       *strchr(b, '"') = '\0';
     mime->multitype = silc_memdup(b, strlen(b));
-- 
2.43.0