From 6aa2df9d308c014b97df37a4e8ddd4c0459de8e0 Mon Sep 17 00:00:00 2001 From: Stefan Ritt Date: Wed, 1 May 2019 10:59:30 +0200 Subject: [PATCH] Fixed overlapping strlcpy(), seems to segfault under some MacOSX --- mxml | 2 +- src/elogd.c | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/mxml b/mxml index cb34fe49..15c5f5c6 160000 --- a/mxml +++ b/mxml @@ -1 +1 @@ -Subproject commit cb34fe499c80fcb80aa6e5a2ae7f2dbaf7e790e1 +Subproject commit 15c5f5c6764f99e9974c6ea40f5a58f2d21285d6 diff --git a/src/elogd.c b/src/elogd.c index 4ad065f6..ef4e5cf9 100755 --- a/src/elogd.c +++ b/src/elogd.c @@ -18709,7 +18709,8 @@ BOOL subst_param(char *str, int size, char *param, char *value) p1 = s - 1; for (p2 = p1 + strlen(param_enc) + 1; *p2 && *p2 != '&'; p2++); - strlcpy(p1, p2, size - (p1 - str)); + strlcpy(str2, p2, sizeof(str2)); + strlcpy(p1, str2, size - (p1 - str)); if (!strchr(str, '?') && strchr(str, '&')) *strchr(str, '&') = '?'; @@ -19010,15 +19011,19 @@ void build_ref(char *ref, int size, char *mode, char *expand, char *attach, char strlcat(ref, strchr(getparam("cmdline"), '?'), size); /* eliminate old search */ - if (strstr(ref, "cmd=Search&")) - strlcpy(strstr(ref, "cmd=Search&"), strstr(ref, "cmd=Search&") + 11, sizeof(str)); + if (strstr(ref, "cmd=Search&")) { + strlcpy(str, strstr(ref, "cmd=Search&") + 11, sizeof(str)); + p = strstr(ref, "cmd=Search&"); + strlcpy(p, str, size - (p - ref)); + } /* eliminate id=xxx */ if (strstr(ref, "id=")) { - p = strstr(ref, "id=") + 3; + strlcpy(str, ref, sizeof(str)); + p = strstr(str, "id=") + 3; while (*p && isdigit(*p)) p++; - strlcpy(strstr(ref, "id="), p, sizeof(str)); + strlcpy(strstr(ref, "id="), p, size); if (strlen(ref) > 0 && ref[strlen(ref) - 1] == '?') ref[strlen(ref) - 1] = 0; }