From: reyk <reyk@openbsd.org>
Date: Sun, 20 Apr 2014 16:18:32 +0000 (+0000)
Subject: Check for strlcpy overflow when expanding the HTTP input value.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ad587bc90782c1ae513498111cddecbb30d1f3bb;p=openbsd

Check for strlcpy overflow when expanding the HTTP input value.
---

diff --git a/usr.sbin/relayd/relay_http.c b/usr.sbin/relayd/relay_http.c
index 44d47ea2d0d..592bd56ce3c 100644
--- a/usr.sbin/relayd/relay_http.c
+++ b/usr.sbin/relayd/relay_http.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: relay_http.c,v 1.17 2014/04/15 22:35:11 andre Exp $	*/
+/*	$OpenBSD: relay_http.c,v 1.18 2014/04/20 16:18:32 reyk Exp $	*/
 
 /*
  * Copyright (c) 2006 - 2012 Reyk Floeter <reyk@openbsd.org>
@@ -896,7 +896,8 @@ relay_expand_http(struct ctl_relay_event *cre, char *val, char *buf, size_t len)
 	struct relay	*rlay = con->se_relay;
 	char		 ibuf[128];
 
-	(void)strlcpy(buf, val, len);
+	if (strlcpy(buf, val, len) >= len)
+		return (NULL);
 
 	if (strstr(val, "$REMOTE_") != NULL) {
 		if (strstr(val, "$REMOTE_ADDR") != NULL) {