Fixed CUMODE mode->mode character conversion buffer overflow.

[silc.git] / lib / silcutil / silcutil.c

diff --git a/lib/silcutil/silcutil.c b/lib/silcutil/silcutil.c
index 8bc4e2c32a736c0f788e67067ba1e752b422d176..74d51702c1d308a83c900c3d1453faa9d83214fe 100644 (file)
--- a/lib/silcutil/silcutil.c
+++ b/lib/silcutil/silcutil.c
@@ -653,11 +653,15 @@ char *silc_client_chmode(SilcUInt32 mode, const char *cipher, const char *hmac)
   if (mode & SILC_CHANNEL_MODE_SILENCE_OPERS)
     strncat(string, "M", 1);
 
-  if (mode & SILC_CHANNEL_MODE_CIPHER)
-    strncat(string, cipher, strlen(cipher));
+  if (mode & SILC_CHANNEL_MODE_CIPHER) {
+    if (strlen(cipher) + strlen(string) < sizeof(string))
+      strncat(string, cipher, strlen(cipher));
+  }
 
-  if (mode & SILC_CHANNEL_MODE_HMAC)
-    strncat(string, hmac, strlen(hmac));
+  if (mode & SILC_CHANNEL_MODE_HMAC) {
+    if (strlen(hmac) + strlen(string) < sizeof(string))
+      strncat(string, hmac, strlen(hmac));
+  }
 
   /* Rest of mode is ignored */
 
@@ -668,7 +672,7 @@ char *silc_client_chmode(SilcUInt32 mode, const char *cipher, const char *hmac)
 
 char *silc_client_chumode(SilcUInt32 mode)
 {
-  char string[4];
+  char string[64];
 
   if (!mode)
     return NULL;
@@ -700,7 +704,7 @@ char *silc_client_chumode(SilcUInt32 mode)
 
 char *silc_client_chumode_char(SilcUInt32 mode)
 {
-  char string[4];
+  char string[64];
 
   if (!mode)
     return NULL;