Fix a buffer overflow when initializing the random salt for "+x"
authorAlexander Barton <alex@barton.de>
Thu, 16 Aug 2012 21:51:28 +0000 (23:51 +0200)
committerAlexander Barton <alex@barton.de>
Thu, 16 Aug 2012 21:51:28 +0000 (23:51 +0200)
This "off by one" buffer overflow has been introduced in commit 49385a98,
"Implemented hashed cloaked hostnames for +x".

src/ngircd/conf.c

index b09113730ef185dff831ca6a0392c4a8d757ddcf..923cdc025bf50be6bad356ff56e802b3e1a8dc14 100644 (file)
@@ -653,7 +653,7 @@ static void
 Set_Defaults(bool InitServers)
 {
        int i;
-       char random[RANDOM_SALT_LEN];
+       char random[RANDOM_SALT_LEN + 1];
 
        /* Global */
        strcpy(Conf_ServerName, "");