From e1d588629395dd81359d16d876cf2ccf67404ce7 Mon Sep 17 00:00:00 2001
From: Pekka Riikonen
Date: Thu, 27 Jun 2002 17:04:17 +0000
Subject: [PATCH] Fixed CUMODE mode->mode character conversion buffer overflow.

---
 CHANGES | 6 ++++++
 apps/silcd/server.c | 1 -
 lib/silcutil/silcutil.c | 16 ++++++++++------
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 201c1f2b..c0b18f0a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+Thu Jun 27 20:07:27 EEST 2002 Pekka Riikonen
+
+ * Buffer overflow with CUMODE command's mode->mode character
+ conversion. Reported by Ville Räsänen. Affected file
+ lib/silcutil/silcutil.c.
+
 Thu Jun 27 16:54:33 EEST 2002 Pekka Riikonen
 
 * Allow heartbeat packets to go disabled connections anyway.
diff --git a/apps/silcd/server.c b/apps/silcd/server.c
index 34f7b9ba..b0ec5cac 100644
--- a/apps/silcd/server.c
+++ b/apps/silcd/server.c
@@ -3707,7 +3707,6 @@ SilcChannelEntry silc_server_save_channel_key(SilcServer server,
 if (!channel) {
 SILC_LOG_ERROR(("Received key for non-existent channel %s",
 silc_id_render(id, SILC_ID_CHANNEL)));
- assert(FALSE);
 goto out;
 }
 }
diff --git a/lib/silcutil/silcutil.c b/lib/silcutil/silcutil.c
index 8bc4e2c3..74d51702 100644
--- a/lib/silcutil/silcutil.c
+++ b/lib/silcutil/silcutil.c
@@ -653,11 +653,15 @@ char *silc_client_chmode(SilcUInt32 mode, const char *cipher, const char *hmac)
 if (mode & SILC_CHANNEL_MODE_SILENCE_OPERS)
 strncat(string, "M", 1);
 
- if (mode & SILC_CHANNEL_MODE_CIPHER)
- strncat(string, cipher, strlen(cipher));
+ if (mode & SILC_CHANNEL_MODE_CIPHER) {
+ if (strlen(cipher) + strlen(string) < sizeof(string))
+ strncat(string, cipher, strlen(cipher));
+ }
 
- if (mode & SILC_CHANNEL_MODE_HMAC)
- strncat(string, hmac, strlen(hmac));
+ if (mode & SILC_CHANNEL_MODE_HMAC) {
+ if (strlen(hmac) + strlen(string) < sizeof(string))
+ strncat(string, hmac, strlen(hmac));
+ }
 
 /* Rest of mode is ignored */
 
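Review bot: The length argument of both new `strncat` calls in silc_client_chmode is still the source length (`strlen(cipher)`, `strlen(hmac)`), so the call itself limits nothing and the write stays in bounds only because of the `if` added in front of it. Bounding by the destination instead, `strncat(string, cipher, sizeof(string) - strlen(string) - 1);` (and the same for `hmac`), keeps the copy safe even if the guard is later changed or removed. When a name does not fit it is now dropped without any trace, so the returned mode string silently omits the cipher or HMAC; a short comment such as `/* name omitted if it does not fit in string */` would make that intentional. `cipher` and `hmac` are passed to `strlen` without a NULL check; whether callers guarantee non-NULL is not visible here, and the function's start and the declaration of `string` lie outside the hunk.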
@@ -668,7 +672,7 @@ char *silc_client_chmode(SilcUInt32 mode, const char *cipher, const char *hmac)
 
 char *silc_client_chumode(SilcUInt32 mode)
 {
- char string[4];
+ char string[64];
 
 if (!mode)
 return NULL;
@@ -700,7 +704,7 @@ char *silc_client_chumode(SilcUInt32 mode)
 
 char *silc_client_chumode_char(SilcUInt32 mode)
 {
- char string[4];
+ char string[64];
 
 if (!mode)
 return NULL;
-- 
2.24.0
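Review bot: The new size `64` in silc_client_chumode, and identically in silc_client_chumode_char in the following hunk, is a bare constant that nothing visible ties to the number of characters the function can append, so the fix holds only while the appended mode string stays under 64 bytes. The bodies continue outside both hunks; if they append with the `strncat(string, "M", 1)` pattern that silc_client_chmode uses, each append should be bounded by the remaining space, `sizeof(string) - strlen(string) - 1`, rather than by the source length. At minimum the declaration deserves a comment, e.g. `char string[64]; /* must hold every mode character plus the terminating NUL */`.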